Update March 2023

actors/APT-C-36/README.md

@@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [GB](https://vuldb.com/?country.gb)
 * ...
 
-There are 22 more country items available. Please use our online service to access the data.
+There are 21 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -52,67 +52,68 @@ ID | Type | Indicator | Confidence
 1 | File | `.github/workflows/combine-prs.yml` | High
 2 | File | `/Admin/add-student.php` | High
 3 | File | `/admin/api/admin/articles/` | High
-4 | File | `/admin/conferences/list/` | High
-5 | File | `/admin/generalsettings.php` | High
-6 | File | `/Admin/login.php` | High
-7 | File | `/admin/payment.php` | High
-8 | File | `/admin/reports.php` | High
-9 | File | `/admin/showbad.php` | High
-10 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
-11 | File | `/adms/admin/?page=vehicles/view_transaction` | High
-12 | File | `/apilog.php` | Medium
-13 | File | `/bin/httpd` | Medium
-14 | File | `/cgi-bin/wlogin.cgi` | High
-15 | File | `/connectors/index.php` | High
-16 | File | `/dev/block/mmcblk0rpmb` | High
-17 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
-18 | File | `/face-recognition-php/facepay-master/camera.php` | High
-19 | File | `/forum/away.php` | High
-20 | File | `/fos/admin/ajax.php?action=login` | High
-21 | File | `/fos/admin/index.php?page=menu` | High
-22 | File | `/home/masterConsole` | High
-23 | File | `/home/sendBroadcast` | High
-24 | File | `/hrm/employeeadd.php` | High
-25 | File | `/hrm/employeeview.php` | High
-26 | File | `/index.php` | Medium
-27 | File | `/items/view_item.php` | High
-28 | File | `/jsoa/hntdCustomDesktopActionContent` | High
-29 | File | `/lookin/info` | Medium
-30 | File | `/manager/index.php` | High
-31 | File | `/medical/inventories.php` | High
-32 | File | `/modules/profile/index.php` | High
-33 | File | `/modules/projects/vw_files.php` | High
-34 | File | `/modules/public/calendar.php` | High
-35 | File | `/mygym/admin/index.php?view_exercises` | High
-36 | File | `/newsDia.php` | Medium
-37 | File | `/out.php` | Medium
-38 | File | `/php-opos/index.php` | High
-39 | File | `/proxy` | Low
-40 | File | `/public/launchNewWindow.jsp` | High
-41 | File | `/Redcock-Farm/farm/category.php` | High
-42 | File | `/reports/rwservlet` | High
-43 | File | `/sacco_shield/manage_user.php` | High
-44 | File | `/spip.php` | Medium
-45 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
-46 | File | `/staff/bookdetails.php` | High
-47 | File | `/TeleoptiWFM/Administration/GetOneTenant` | High
-48 | File | `/uncpath/` | Medium
-49 | File | `/user/update_booking.php` | High
-50 | File | `/WEB-INF/web.xml` | High
-51 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
-52 | File | `/wireless/security.asp` | High
-53 | File | `/wordpress/wp-admin/options-general.php` | High
-54 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
-55 | File | `01article.php` | High
-56 | File | `AbstractScheduleJob.java` | High
-57 | File | `actionphp/download.File.php` | High
-58 | File | `AdClass.php` | Medium
-59 | File | `adclick.php` | Medium
-60 | File | `addtocart.asp` | High
-61 | File | `admin.php` | Medium
-62 | ... | ... | ...
+4 | File | `/Admin/login.php` | High
+5 | File | `/admin/showbad.php` | High
+6 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
+7 | File | `/adms/admin/?page=vehicles/view_transaction` | High
+8 | File | `/apilog.php` | Medium
+9 | File | `/APR/login.php` | High
+10 | File | `/bin/httpd` | Medium
+11 | File | `/cgi-bin/wapopen` | High
+12 | File | `/cgi-bin/wlogin.cgi` | High
+13 | File | `/connectors/index.php` | High
+14 | File | `/dev/block/mmcblk0rpmb` | High
+15 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
+16 | File | `/face-recognition-php/facepay-master/camera.php` | High
+17 | File | `/forum/away.php` | High
+18 | File | `/fos/admin/ajax.php?action=login` | High
+19 | File | `/fos/admin/index.php?page=menu` | High
+20 | File | `/home/masterConsole` | High
+21 | File | `/home/sendBroadcast` | High
+22 | File | `/hrm/employeeadd.php` | High
+23 | File | `/hrm/employeeview.php` | High
+24 | File | `/index.php` | Medium
+25 | File | `/items/view_item.php` | High
+26 | File | `/jsoa/hntdCustomDesktopActionContent` | High
+27 | File | `/lookin/info` | Medium
+28 | File | `/manager/index.php` | High
+29 | File | `/medical/inventories.php` | High
+30 | File | `/modules/profile/index.php` | High
+31 | File | `/modules/projects/vw_files.php` | High
+32 | File | `/modules/public/calendar.php` | High
+33 | File | `/mygym/admin/index.php?view_exercises` | High
+34 | File | `/newsDia.php` | Medium
+35 | File | `/out.php` | Medium
+36 | File | `/php-opos/index.php` | High
+37 | File | `/proxy` | Low
+38 | File | `/public/launchNewWindow.jsp` | High
+39 | File | `/Redcock-Farm/farm/category.php` | High
+40 | File | `/reports/rwservlet` | High
+41 | File | `/sacco_shield/manage_user.php` | High
+42 | File | `/spip.php` | Medium
+43 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
+44 | File | `/staff/bookdetails.php` | High
+45 | File | `/uncpath/` | Medium
+46 | File | `/user/update_booking.php` | High
+47 | File | `/WEB-INF/web.xml` | High
+48 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
+49 | File | `/wireless/security.asp` | High
+50 | File | `/wordpress/wp-admin/options-general.php` | High
+51 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
+52 | File | `01article.php` | High
+53 | File | `AbstractScheduleJob.java` | High
+54 | File | `actionphp/download.File.php` | High
+55 | File | `activenews_view.asp` | High
+56 | File | `adclick.php` | Medium
+57 | File | `addtocart.asp` | High
+58 | File | `admin.php` | Medium
+59 | File | `admin/abc.php` | High
+60 | File | `admin/admin.php?action=users&mode=info&user=2` | High
+61 | File | `admin/admin/adminsave.html` | High
+62 | File | `admin/conf_users_edit.php` | High
+63 | ... | ... | ...
 
-There are 539 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 555 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/APT27/README.md

@@ -102,7 +102,7 @@ ID | Type | Indicator | Confidence
 39 | File | `affich.php` | Medium
 40 | ... | ... | ...
 
-There are 342 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 348 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/APT28/README.md

@@ -134,7 +134,7 @@ ID | Type | Indicator | Confidence
 27 | File | `/tmp/zarafa-vacation-*` | High
 28 | ... | ... | ...
 
-There are 232 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 235 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/APT29/README.md

@@ -91,32 +91,32 @@ ID | Type | Indicator | Confidence
 11 | File | `/attachments` | Medium
 12 | File | `/boat/login.php` | High
 13 | File | `/bsms_ci/index.php/book` | High
-14 | File | `/cgi-bin/login.cgi` | High
-15 | File | `/cgi-bin/luci/api/wireless` | High
-16 | File | `/ci_hms/massage_room/edit/1` | High
-17 | File | `/context/%2e/WEB-INF/web.xml` | High
-18 | File | `/dashboard/reports/logs/view` | High
-19 | File | `/debian/patches/load_ppp_generic_if_needed` | High
-20 | File | `/debug/pprof` | Medium
-21 | File | `/etc/hosts` | Medium
-22 | File | `/forum/away.php` | High
-23 | File | `/goform/setmac` | High
-24 | File | `/goform/wizard_end` | High
-25 | File | `/hprms/admin/doctors/manage_doctor.php` | High
-26 | File | `/index/jobfairol/show/` | High
-27 | File | `/manage-apartment.php` | High
-28 | File | `/medicines/profile.php` | High
-29 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
-30 | File | `/pages/apply_vacancy.php` | High
-31 | File | `/proc/<PID>/mem` | High
-32 | File | `/project/PROJECTNAME/reports/` | High
-33 | File | `/proxy` | Low
-34 | File | `/reservation/add_message.php` | High
-35 | File | `/spip.php` | Medium
-36 | File | `/tmp` | Low
+14 | File | `/cgi-bin/luci/api/wireless` | High
+15 | File | `/ci_hms/massage_room/edit/1` | High
+16 | File | `/context/%2e/WEB-INF/web.xml` | High
+17 | File | `/dashboard/reports/logs/view` | High
+18 | File | `/debian/patches/load_ppp_generic_if_needed` | High
+19 | File | `/debug/pprof` | Medium
+20 | File | `/etc/hosts` | Medium
+21 | File | `/forum/away.php` | High
+22 | File | `/goform/setmac` | High
+23 | File | `/goform/wizard_end` | High
+24 | File | `/manage-apartment.php` | High
+25 | File | `/medicines/profile.php` | High
+26 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
+27 | File | `/pages/apply_vacancy.php` | High
+28 | File | `/proc/<PID>/mem` | High
+29 | File | `/project/PROJECTNAME/reports/` | High
+30 | File | `/proxy` | Low
+31 | File | `/reservation/add_message.php` | High
+32 | File | `/spip.php` | Medium
+33 | File | `/tmp` | Low
+34 | File | `/uncpath/` | Medium
+35 | File | `/upload` | Low
+36 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
 37 | ... | ... | ...
 
-There are 316 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 313 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/APT31/README.md

@@ -45,7 +45,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | High
+1 | T1006 | CWE-22, CWE-23, CWE-29 | Pathname Traversal | High
 2 | T1055 | CWE-74 | Injection | High
 3 | T1059 | CWE-94 | Cross Site Scripting | High
 4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
@@ -60,21 +60,22 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/api/RecordingList/DownloadRecord?file=` | High
-2 | File | `/etc/openstack-dashboard/local_settings` | High
-3 | File | `/get_getnetworkconf.cgi` | High
-4 | File | `/goform/RgDhcp` | High
-5 | File | `/goform/RGFirewallEL` | High
-6 | File | `/horde/util/go.php` | High
-7 | File | `/rapi/read_url` | High
-8 | File | `/uncpath/` | Medium
-9 | File | `/usr/bin/pkexec` | High
-10 | File | `/wp-admin/admin-post.php?es_skip=1&option_name` | High
-11 | File | `/wp-content/uploads/photo-gallery/` | High
-12 | File | `administrator/components/com_media/helpers/media.php` | High
-13 | File | `bb_usage_stats.php` | High
-14 | ... | ... | ...
+2 | File | `/apply.cgi` | Medium
+3 | File | `/etc/openstack-dashboard/local_settings` | High
+4 | File | `/get_getnetworkconf.cgi` | High
+5 | File | `/goform/RgDhcp` | High
+6 | File | `/goform/RGFirewallEL` | High
+7 | File | `/horde/util/go.php` | High
+8 | File | `/rapi/read_url` | High
+9 | File | `/uncpath/` | Medium
+10 | File | `/usr/bin/pkexec` | High
+11 | File | `/wp-admin/admin-post.php?es_skip=1&option_name` | High
+12 | File | `/wp-content/uploads/photo-gallery/` | High
+13 | File | `administrator/components/com_media/helpers/media.php` | High
+14 | File | `appserv/main.php` | High
+15 | ... | ... | ...
 
-There are 113 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 115 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/APT32/README.md

@@ -65,32 +65,32 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/admin/` | Low
-2 | File | `/cgi-bin/cgiServer.exx` | High
-3 | File | `/cgi-bin/login_action.cgi` | High
-4 | File | `/cgi-bin/nobody/Search.cgi` | High
-5 | File | `/cgi-bin/webviewer_login_page` | High
-6 | File | `/dev/sg0` | Medium
-7 | File | `/event/runquery.do` | High
-8 | File | `/filemanager/php/connector.php` | High
-9 | File | `/forum/away.php` | High
-10 | File | `/goform/setmac` | High
-11 | File | `/log_download.cgi` | High
-12 | File | `/manager?action=getlogcat` | High
-13 | File | `/mgmt/tm/util/bash` | High
-14 | File | `/pages/systemcall.php?command={COMMAND}` | High
-15 | File | `/password.html` | High
-16 | File | `/system/ws/v11/ss/email` | High
-17 | File | `/uncpath/` | Medium
-18 | File | `/upload` | Low
-19 | File | `add_vhost.php` | High
-20 | File | `admin/images.aspx` | High
-21 | File | `admin/index.php` | High
-22 | File | `adv2.php?action=modify` | High
-23 | File | `agent.cfg` | Medium
-24 | File | `arch/x86/include/asm/fpu/internal.h` | High
+2 | File | `/api/` | Low
+3 | File | `/cgi-bin/cgiServer.exx` | High
+4 | File | `/cgi-bin/login_action.cgi` | High
+5 | File | `/cgi-bin/nobody/Search.cgi` | High
+6 | File | `/cgi-bin/webviewer_login_page` | High
+7 | File | `/dev/sg0` | Medium
+8 | File | `/event/runquery.do` | High
+9 | File | `/filemanager/php/connector.php` | High
+10 | File | `/forum/away.php` | High
+11 | File | `/goform/setmac` | High
+12 | File | `/log_download.cgi` | High
+13 | File | `/manager?action=getlogcat` | High
+14 | File | `/mgmt/tm/util/bash` | High
+15 | File | `/pages/systemcall.php?command={COMMAND}` | High
+16 | File | `/password.html` | High
+17 | File | `/system/ws/v11/ss/email` | High
+18 | File | `/uncpath/` | Medium
+19 | File | `/upload` | Low
+20 | File | `add_vhost.php` | High
+21 | File | `admin/images.aspx` | High
+22 | File | `admin/index.php` | High
+23 | File | `adv2.php?action=modify` | High
+24 | File | `agent.cfg` | Medium
 25 | ... | ... | ...
 
-There are 209 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 211 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/APT34/README.md

@@ -91,9 +91,10 @@ ID | Type | Indicator | Confidence
 28 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
 29 | File | `/replication` | Medium
 30 | File | `/RestAPI` | Medium
-31 | ... | ... | ...
+31 | File | `/SASWebReportStudio/logonAndRender.do` | High
+32 | ... | ... | ...
 
-There are 268 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 270 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/APT39/README.md

@@ -56,20 +56,20 @@ ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `//etc/RT2870STA.dat` | High
 2 | File | `/admin/index.php?id=themes&action=edit_template&filename=blog` | High
-3 | File | `/bin/boa` | Medium
-4 | File | `/cgi-bin/wapopen` | High
-5 | File | `/cwp_{SESSION_HASH}/admin/loader_ajax.php` | High
-6 | File | `/jquery_file_upload/server/php/index.php` | High
-7 | File | `/librarian/bookdetails.php` | High
-8 | File | `/magnoliaPublic/travel/members/login.html` | High
-9 | File | `/Main_AdmStatus_Content.asp` | High
-10 | File | `/requests.php` | High
-11 | File | `/server-status` | High
-12 | File | `/uncpath/` | Medium
-13 | File | `/var/log/nginx` | High
+3 | File | `/appConfig/userDB.json` | High
+4 | File | `/bin/boa` | Medium
+5 | File | `/cgi-bin/wapopen` | High
+6 | File | `/cwp_{SESSION_HASH}/admin/loader_ajax.php` | High
+7 | File | `/jquery_file_upload/server/php/index.php` | High
+8 | File | `/librarian/bookdetails.php` | High
+9 | File | `/magnoliaPublic/travel/members/login.html` | High
+10 | File | `/Main_AdmStatus_Content.asp` | High
+11 | File | `/requests.php` | High
+12 | File | `/server-status` | High
+13 | File | `/uncpath/` | Medium
 14 | ... | ... | ...
 
-There are 108 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 115 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Africa Unknown/README.md

@@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [NL](https://vuldb.com/?country.nl)
 * ...
 
-There are 23 more country items available. Please use our online service to access the data.
+There are 22 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -2236,38 +2236,41 @@ ID | Type | Indicator | Confidence
 20 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
 21 | File | `/env` | Low
 22 | File | `/etc/sudoers` | Medium
-23 | File | `/face-recognition-php/facepay-master/camera.php` | High
-24 | File | `/forum/away.php` | High
-25 | File | `/fos/admin/ajax.php?action=login` | High
-26 | File | `/fos/admin/index.php?page=menu` | High
-27 | File | `/goform/WifiBasicSet` | High
-28 | File | `/goform/WifiGuestSet` | High
-29 | File | `/hardware` | Medium
-30 | File | `/home/masterConsole` | High
-31 | File | `/home/sendBroadcast` | High
-32 | File | `/hrm/controller/employee.php` | High
-33 | File | `/hrm/employeeadd.php` | High
-34 | File | `/hrm/employeeview.php` | High
-35 | File | `/IISADMPWD` | Medium
-36 | File | `/includes/login.php` | High
-37 | File | `/index.php` | Medium
-38 | File | `/Items/*/RemoteImages/Download` | High
-39 | File | `/jerry-core/parser/js/js-scanner-util.c` | High
-40 | File | `/jsoa/hntdCustomDesktopActionContent` | High
-41 | File | `/lookin/info` | Medium
-42 | File | `/Moosikay/order.php` | High
-43 | File | `/mygym/admin/index.php?view_exercises` | High
-44 | File | `/out.php` | Medium
-45 | File | `/pet_shop/admin/orders/update_status.php` | High
-46 | File | `/php-fusion/infusions/shoutbox_panel/shoutbox_archive.php` | High
-47 | File | `/php-opos/index.php` | High
-48 | File | `/proxy` | Low
-49 | File | `/psrs/admin/?page=inquiries/view_inquiry` | High
-50 | File | `/reports/rwservlet` | High
-51 | File | `/sacco_shield/manage_payment.php` | High
-52 | ... | ... | ...
+23 | File | `/forum/away.php` | High
+24 | File | `/fos/admin/ajax.php?action=login` | High
+25 | File | `/fos/admin/index.php?page=menu` | High
+26 | File | `/goform/WifiBasicSet` | High
+27 | File | `/goform/WifiGuestSet` | High
+28 | File | `/hardware` | Medium
+29 | File | `/home/masterConsole` | High
+30 | File | `/home/sendBroadcast` | High
+31 | File | `/hrm/controller/employee.php` | High
+32 | File | `/IISADMPWD` | Medium
+33 | File | `/index.php` | Medium
+34 | File | `/Items/*/RemoteImages/Download` | High
+35 | File | `/jerry-core/parser/js/js-scanner-util.c` | High
+36 | File | `/jsoa/hntdCustomDesktopActionContent` | High
+37 | File | `/Moosikay/order.php` | High
+38 | File | `/mygym/admin/index.php?view_exercises` | High
+39 | File | `/out.php` | Medium
+40 | File | `/pet_shop/admin/orders/update_status.php` | High
+41 | File | `/php-fusion/infusions/shoutbox_panel/shoutbox_archive.php` | High
+42 | File | `/php-opos/index.php` | High
+43 | File | `/proxy` | Low
+44 | File | `/psrs/admin/?page=inquiries/view_inquiry` | High
+45 | File | `/public/launchNewWindow.jsp` | High
+46 | File | `/reports/rwservlet` | High
+47 | File | `/sacco_shield/manage_payment.php` | High
+48 | File | `/spip.php` | Medium
+49 | File | `/start_apply.htm` | High
+50 | File | `/student/bookdetails.php` | High
+51 | File | `/tmp/ibmsupt` | Medium
+52 | File | `/uncpath/` | Medium
+53 | File | `/upload` | Low
+54 | File | `/user/loader.php?api=1` | High
+55 | ... | ... | ...
 
-There are 453 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 477 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/African Regional Industrial Property Organization Unknown/README.md

@@ -0,0 +1,30 @@
+# African Regional Industrial Property Organization Unknown - Cyber Threat Intelligence
+
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [African Regional Industrial Property Organization Unknown](https://vuldb.com/?actor.african_regional_industrial_property_organization_unknown). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
+
+_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.african_regional_industrial_property_organization_unknown](https://vuldb.com/?actor.african_regional_industrial_property_organization_unknown)
+
+## IOC - Indicator of Compromise
+
+These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of African Regional Industrial Property Organization Unknown.
+
+ID | IP address | Hostname | Campaign | Confidence
+-- | ---------- | -------- | -------- | ----------
+1 | [182.50.184.0](https://vuldb.com/?ip.182.50.184.0) | - | - | High
+
+## References
+
+The following list contains _external sources_ which discuss the actor and the associated activities:
+
+* https://github.com/firehol/blocklist-ipsets/blob/master/ipdeny_country/id_country_ap.netset
+
+## Literature
+
+The following _articles_ explain our unique predictive cyber threat intelligence:
+
+* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
+* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
+
+## License
+
+(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

actors/Agent/README.md

@@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [CH](https://vuldb.com/?country.ch)
 * ...
 
-There are 27 more country items available. Please use our online service to access the data.
+There are 26 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -96,10 +96,9 @@ ID | Type | Indicator | Confidence
 43 | File | `/ptms/classes/Users.php` | High
 44 | File | `/resources//../` | High
 45 | File | `/rest/api/2/search` | High
-46 | File | `/s/` | Low
-47 | ... | ... | ...
+46 | ... | ... | ...
 
-There are 406 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 403 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Agrius/README.md

@@ -59,9 +59,10 @@ ID | Type | Indicator | Confidence
 9 | File | `/storage/app/media/evil.svg` | High
 10 | File | `/uncpath/` | Medium
 11 | File | `/usr/lpp/mmfs/bin/` | High
-12 | ... | ... | ...
+12 | File | `adclick.php` | Medium
+13 | ... | ... | ...
 
-There are 97 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 98 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Allakore/README.md

@@ -50,7 +50,7 @@ ID | Type | Indicator | Confidence
 4 | File | `data/gbconfiguration.dat` | High
 5 | ... | ... | ...
 
-There are 31 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 33 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/AsynRAT/README.md

@@ -25,6 +25,21 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1055 | CWE-74 | Injection | High
+2 | T1059 | CWE-94 | Cross Site Scripting | High
+3 | T1068 | CWE-269 | Execution with Unnecessary Privileges | High
+
+## IOA - Indicator of Attack
+
+These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by AsynRAT. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Type | Indicator | Confidence
+-- | ---- | --------- | ----------
+1 | File | `admincp/auth/secure.php` | High
+2 | File | `templates/mangobery/footer.sample.php` | High
+3 | Argument | `cfgProgDir` | Medium
+4 | ... | ... | ...
+
+There are 1 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/B1txor20/README.md

@@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [NL](https://vuldb.com/?country.nl)
 * ...
 
-There are 5 more country items available. Please use our online service to access the data.
+There are 4 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -70,36 +70,40 @@ ID | Type | Indicator | Confidence
 8 | File | `/adms/admin/?page=user/manage_user` | High
 9 | File | `/adms/admin/?page=vehicles/view_transaction` | High
 10 | File | `/ajax/update_certificate` | High
-11 | File | `/alphaware/summary.php` | High
-12 | File | `/apply.cgi` | Medium
-13 | File | `/boat/login.php` | High
-14 | File | `/bsms_ci/index.php/book` | High
-15 | File | `/cgi-bin/wlogin.cgi` | High
-16 | File | `/debug/pprof` | Medium
-17 | File | `/ecshop/admin/template.php` | High
-18 | File | `/eduauth/student/search.php` | High
-19 | File | `/forum/away.php` | High
-20 | File | `/forums.php?action=post` | High
-21 | File | `/goform/formDefault` | High
-22 | File | `/goform/formLogin` | High
-23 | File | `/goform/formSysCmd` | High
-24 | File | `/goform/fromSetWirelessRepeat` | High
-25 | File | `/goform/WifiBasicSet` | High
-26 | File | `/index.php` | Medium
-27 | File | `/inxedu/demo_inxedu_open/src/main/resources/mybatis/inxedu/website/WebsiteImagesMapper.xml` | High
-28 | File | `/list.php` | Medium
-29 | File | `/login/index.php` | High
-30 | File | `/medicines/profile.php` | High
-31 | File | `/Moosikay/order.php` | High
-32 | File | `/philosophy/admin/user/controller.php?action=add` | High
-33 | File | `/php-opos/signup.php` | High
-34 | File | `/reservation/add_message.php` | High
-35 | File | `/SetNetworkSettings/SubnetMask` | High
-36 | File | `/setNTP.cgi` | Medium
-37 | File | `/spip.php` | Medium
-38 | ... | ... | ...
+11 | File | `/alphaware/details.php` | High
+12 | File | `/alphaware/summary.php` | High
+13 | File | `/api/` | Low
+14 | File | `/api/admin/store/product/list` | High
+15 | File | `/apply.cgi` | Medium
+16 | File | `/boat/login.php` | High
+17 | File | `/bsms_ci/index.php/book` | High
+18 | File | `/cgi-bin/wlogin.cgi` | High
+19 | File | `/config/myfield/test.php` | High
+20 | File | `/debug/pprof` | Medium
+21 | File | `/ecshop/admin/template.php` | High
+22 | File | `/eduauth/student/search.php` | High
+23 | File | `/forum/away.php` | High
+24 | File | `/fudforum/adm/hlplist.php` | High
+25 | File | `/geoserver/rest/about/status` | High
+26 | File | `/goform/formDefault` | High
+27 | File | `/goform/formLogin` | High
+28 | File | `/goform/formSysCmd` | High
+29 | File | `/goform/fromSetWirelessRepeat` | High
+30 | File | `/goform/WifiBasicSet` | High
+31 | File | `/index.php` | Medium
+32 | File | `/list.php` | Medium
+33 | File | `/login/index.php` | High
+34 | File | `/medicines/profile.php` | High
+35 | File | `/Moosikay/order.php` | High
+36 | File | `/philosophy/admin/user/controller.php?action=add` | High
+37 | File | `/php-opos/signup.php` | High
+38 | File | `/reservation/add_message.php` | High
+39 | File | `/SetNetworkSettings/SubnetMask` | High
+40 | File | `/setNTP.cgi` | Medium
+41 | File | `/spip.php` | Medium
+42 | ... | ... | ...
 
-There are 327 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 361 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/BianLian/README.md

@@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with BianLian:
 
-* [SC](https://vuldb.com/?country.sc)
 * [US](https://vuldb.com/?country.us)
-* [CN](https://vuldb.com/?country.cn)
+* [DE](https://vuldb.com/?country.de)
+* [RU](https://vuldb.com/?country.ru)
 * ...
 
-There are 17 more country items available. Please use our online service to access the data.
+There are 3 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -21,21 +21,45 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
 
 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
-1 | [5.2.79.138](https://vuldb.com/?ip.5.2.79.138) | - | - | High
-2 | [5.188.6.118](https://vuldb.com/?ip.5.188.6.118) | subnet.local | - | High
-3 | [5.230.67.2](https://vuldb.com/?ip.5.230.67.2) | - | - | High
-4 | [13.49.57.110](https://vuldb.com/?ip.13.49.57.110) | ec2-13-49-57-110.eu-north-1.compute.amazonaws.com | - | Medium
-5 | [16.162.137.220](https://vuldb.com/?ip.16.162.137.220) | ec2-16-162-137-220.ap-east-1.compute.amazonaws.com | - | Medium
-6 | [18.130.242.71](https://vuldb.com/?ip.18.130.242.71) | ec2-18-130-242-71.eu-west-2.compute.amazonaws.com | - | Medium
-7 | [23.94.56.154](https://vuldb.com/?ip.23.94.56.154) | 23-94-56-154-host.colocrossing.com | - | High
-8 | [23.227.198.243](https://vuldb.com/?ip.23.227.198.243) | 23-227-198-243.static.hvvc.us | - | High
-9 | [37.235.54.81](https://vuldb.com/?ip.37.235.54.81) | 81.54.235.37.in-addr.arpa | - | High
-10 | [43.155.116.250](https://vuldb.com/?ip.43.155.116.250) | - | - | High
-11 | [45.9.150.132](https://vuldb.com/?ip.45.9.150.132) | - | - | High
-12 | [45.92.156.105](https://vuldb.com/?ip.45.92.156.105) | - | - | High
-13 | ... | ... | ... | ...
+1 | [3.134.86.154](https://vuldb.com/?ip.3.134.86.154) | ec2-3-134-86-154.us-east-2.compute.amazonaws.com | - | Medium
+2 | [5.2.79.138](https://vuldb.com/?ip.5.2.79.138) | - | - | High
+3 | [5.188.6.118](https://vuldb.com/?ip.5.188.6.118) | subnet.local | - | High
+4 | [5.230.67.2](https://vuldb.com/?ip.5.230.67.2) | - | - | High
+5 | [5.230.70.23](https://vuldb.com/?ip.5.230.70.23) | placeholder.noezserver.de | - | High
+6 | [5.230.72.245](https://vuldb.com/?ip.5.230.72.245) | - | - | High
+7 | [5.230.73.37](https://vuldb.com/?ip.5.230.73.37) | placeholder.noezserver.de | - | High
+8 | [5.230.73.234](https://vuldb.com/?ip.5.230.73.234) | - | - | High
+9 | [13.49.57.110](https://vuldb.com/?ip.13.49.57.110) | ec2-13-49-57-110.eu-north-1.compute.amazonaws.com | - | Medium
+10 | [15.188.49.63](https://vuldb.com/?ip.15.188.49.63) | ec2-15-188-49-63.eu-west-3.compute.amazonaws.com | - | Medium
+11 | [16.162.137.220](https://vuldb.com/?ip.16.162.137.220) | ec2-16-162-137-220.ap-east-1.compute.amazonaws.com | - | Medium
+12 | [18.130.242.71](https://vuldb.com/?ip.18.130.242.71) | ec2-18-130-242-71.eu-west-2.compute.amazonaws.com | - | Medium
+13 | [18.159.131.209](https://vuldb.com/?ip.18.159.131.209) | ec2-18-159-131-209.eu-central-1.compute.amazonaws.com | - | Medium
+14 | [23.94.56.154](https://vuldb.com/?ip.23.94.56.154) | 23-94-56-154-host.colocrossing.com | - | High
+15 | [23.163.0.168](https://vuldb.com/?ip.23.163.0.168) | tech-000168.techydrov.com | - | High
+16 | [23.227.198.243](https://vuldb.com/?ip.23.227.198.243) | 23-227-198-243.static.hvvc.us | - | High
+17 | [23.229.117.247](https://vuldb.com/?ip.23.229.117.247) | - | - | High
+18 | [35.157.43.44](https://vuldb.com/?ip.35.157.43.44) | ec2-35-157-43-44.eu-central-1.compute.amazonaws.com | - | Medium
+19 | [35.183.14.149](https://vuldb.com/?ip.35.183.14.149) | ec2-35-183-14-149.ca-central-1.compute.amazonaws.com | - | Medium
+20 | [37.220.31.17](https://vuldb.com/?ip.37.220.31.17) | aviation.metagroups.info | - | High
+21 | [37.220.31.104](https://vuldb.com/?ip.37.220.31.104) | 10-4netw0rk.mynet.com.tr | - | High
+22 | [37.235.54.42](https://vuldb.com/?ip.37.235.54.42) | 42.54.235.37.in-addr.arpa | - | High
+23 | [37.235.54.52](https://vuldb.com/?ip.37.235.54.52) | 52.54.235.37.in-addr.arpa | - | High
+24 | [37.235.54.81](https://vuldb.com/?ip.37.235.54.81) | 81.54.235.37.in-addr.arpa | - | High
+25 | [43.155.116.250](https://vuldb.com/?ip.43.155.116.250) | - | - | High
+26 | [44.212.9.14](https://vuldb.com/?ip.44.212.9.14) | ec2-44-212-9-14.compute-1.amazonaws.com | - | Medium
+27 | [45.9.150.132](https://vuldb.com/?ip.45.9.150.132) | - | - | High
+28 | [45.33.119.19](https://vuldb.com/?ip.45.33.119.19) | li1056-19.members.linode.com | - | High
+29 | [45.56.165.17](https://vuldb.com/?ip.45.56.165.17) | nordns.crowncloud.net | - | High
+30 | [45.61.136.152](https://vuldb.com/?ip.45.61.136.152) | - | - | High
+31 | [45.66.249.118](https://vuldb.com/?ip.45.66.249.118) | 7r277nw66g.shybeaveronline.com | - | High
+32 | [45.86.163.228](https://vuldb.com/?ip.45.86.163.228) | - | - | High
+33 | [45.86.230.64](https://vuldb.com/?ip.45.86.230.64) | srv2.lg-c.net | - | High
+34 | [45.92.156.105](https://vuldb.com/?ip.45.92.156.105) | - | - | High
+35 | [45.128.156.3](https://vuldb.com/?ip.45.128.156.3) | webfair.store | - | High
+36 | [45.128.156.10](https://vuldb.com/?ip.45.128.156.10) | frm3-zendable.com | - | High
+37 | ... | ... | ... | ...
 
-There are 46 more IOC items available. Please use our online service to access the data.
+There are 142 more IOC items available. Please use our online service to access the data.
 
 ## TTP - Tactics, Techniques, Procedures
 
@@ -43,14 +67,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
-2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
-3 | T1055 | CWE-74 | Injection | High
-4 | T1059 | CWE-94 | Cross Site Scripting | High
-5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-6 | ... | ... | ... | ...
+1 | T1006 | CWE-22 | Pathname Traversal | High
+2 | T1055 | CWE-74 | Injection | High
+3 | T1059 | CWE-94 | Cross Site Scripting | High
+4 | ... | ... | ... | ...
 
-There are 22 more TTP items available. Please use our online service to access the data.
+There are 11 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -58,57 +80,18 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/+CSCOE+/logon.html` | High
-2 | File | `/addQuestion.php` | High
-3 | File | `/admin/conferences/get-all-status/` | High
-4 | File | `/admin/conferences/list/` | High
-5 | File | `/admin/countrymanagement.php` | High
-6 | File | `/admin/general/change-lang` | High
-7 | File | `/admin/group/list/` | High
-8 | File | `/admin/renewaldue.php` | High
-9 | File | `/admin/usermanagement.php` | High
-10 | File | `/admin/ztliuyan_sendmail.php` | High
-11 | File | `/api/RecordingList/DownloadRecord?file=` | High
-12 | File | `/api/v1/chat.getThreadsList` | High
-13 | File | `/app1/admin#foo` | High
-14 | File | `/aya/module/admin/ust_tab_e.inc.php` | High
-15 | File | `/backups/` | Medium
-16 | File | `/bl-plugins/backup/plugin.php` | High
-17 | File | `/category.php` | High
-18 | File | `/cgi-bin/editBookmark` | High
-19 | File | `/chart` | Low
-20 | File | `/classes/Master.php?f=delete_appointment` | High
-21 | File | `/Core/Ap4Utils.h` | High
-22 | File | `/ctpms/classes/Master.php?f=delete_application` | High
-23 | File | `/front/roomtype-details.php` | High
-24 | File | `/goform/aspForm` | High
-25 | File | `/hdf5/src/H5T.c` | High
-26 | File | `/homeaction.php` | High
-27 | File | `/horde/imp/search.php` | High
-28 | File | `/index.php` | Medium
-29 | File | `/installer/upgrade_start` | High
-30 | File | `/Items/*/RemoteImages/Download` | High
-31 | File | `/items/view_item.php` | High
-32 | File | `/lan.asp` | Medium
-33 | File | `/librarian/bookdetails.php` | High
-34 | File | `/lists/admin/` | High
-35 | File | `/login/index.php` | High
-36 | File | `/mail/index.html` | High
-37 | File | `/navigate/navigate_download.php` | High
-38 | File | `/public/plugins/` | High
-39 | File | `/rapi/read_url` | High
-40 | File | `/reps/admin/?page=agents/manage_agent` | High
-41 | File | `/rest/api/1.0/render` | High
-42 | File | `/rest/api/latest/projectvalidate/key` | High
-43 | File | `/rest/jpo/1.0/hierarchyConfiguration` | High
-44 | ... | ... | ...
+1 | File | `/login/index.php` | High
+2 | File | `/usr/local/psa/admin/sbin/wrapper` | High
+3 | File | `/WEB-INF/web.xml` | High
+4 | ... | ... | ...
 
-There are 377 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 24 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 
 The following list contains _external sources_ which discuss the actor and the associated activities:
 
+* https://redacted.com/blog/bianlian-ransomware-gang-continues-to-evolve/
 * https://rhisac.org/threat-intelligence/bianlian-ransomware-expanding-c2-infrastructure-and-operational-tempo/
 
 ## Literature

actors/BlueFox/README.md

@@ -47,20 +47,20 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/index.php` | Medium
-2 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
-3 | File | `adclick.php` | Medium
-4 | File | `addtocart.asp` | High
-5 | File | `admin/adm/test.php` | High
-6 | File | `agora.cgi` | Medium
-7 | File | `books.php` | Medium
-8 | File | `cat.asp` | Low
-9 | File | `catalog.php` | Medium
-10 | File | `categories.php` | High
-11 | File | `default.php` | Medium
+1 | File | `/forum/away.php` | High
+2 | File | `/index.php` | Medium
+3 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
+4 | File | `adclick.php` | Medium
+5 | File | `addtocart.asp` | High
+6 | File | `admin/adm/test.php` | High
+7 | File | `agora.cgi` | Medium
+8 | File | `books.php` | Medium
+9 | File | `cat.asp` | Low
+10 | File | `catalog.php` | Medium
+11 | File | `categories.php` | High
 12 | ... | ... | ...
 
-There are 91 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 92 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Brazil Unknown/README.md

@@ -16,7 +16,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 
 * [US](https://vuldb.com/?country.us)
 * [BR](https://vuldb.com/?country.br)
-* [CN](https://vuldb.com/?country.cn)
+* [GB](https://vuldb.com/?country.gb)
 * ...
 
 There are 10 more country items available. Please use our online service to access the data.
@@ -1422,23 +1422,26 @@ ID | Type | Indicator | Confidence
 9 | File | `/mygym/admin/index.php?view_exercises` | High
 10 | File | `/php-opos/index.php` | High
 11 | File | `/php-scrm/login.php` | High
-12 | File | `/textpattern/index.php` | High
-13 | File | `/tmp` | Low
-14 | File | `account-signup.php` | High
-15 | File | `account/signup.php` | High
-16 | File | `addentry.php` | Medium
-17 | File | `admin-ajax.php` | High
-18 | File | `admin.php` | Medium
-19 | File | `admin/admin.php?action=users&mode=info&user=2` | High
-20 | File | `admin/admin_editor.php` | High
-21 | File | `admin/conf_users_edit.php` | High
-22 | File | `adminer.php` | Medium
-23 | File | `articulo.php` | Medium
-24 | File | `blocks/block-Old_Articles.php` | High
-25 | File | `bp_ncom.php` | Medium
-26 | ... | ... | ...
+12 | File | `/public/launchNewWindow.jsp` | High
+13 | File | `/textpattern/index.php` | High
+14 | File | `/tmp` | Low
+15 | File | `account-signup.php` | High
+16 | File | `account/signup.php` | High
+17 | File | `activenews_view.asp` | High
+18 | File | `addentry.php` | Medium
+19 | File | `admin-ajax.php` | High
+20 | File | `admin.php` | Medium
+21 | File | `admin/admin.php?action=users&mode=info&user=2` | High
+22 | File | `admin/admin_editor.php` | High
+23 | File | `admin/conf_users_edit.php` | High
+24 | File | `adminer.php` | Medium
+25 | File | `articulo.php` | Medium
+26 | File | `art_detalle.php` | High
+27 | File | `banner_add_edit.asp` | High
+28 | File | `blocks/block-Old_Articles.php` | High
+29 | ... | ... | ...
 
-There are 215 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 244 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/British Virgin Islands Unknown/README.md

@@ -104,15 +104,15 @@ ID | Type | Indicator | Confidence
 40 | File | `admin/param/param_func.inc.php` | High
 41 | File | `admin/y_admin.asp` | High
 42 | File | `adminer.php` | Medium
-43 | File | `administrator/components/com_media/helpers/media.php` | High
-44 | File | `admin_ok.asp` | Medium
-45 | File | `affiliates.php` | High
-46 | File | `app/Core/Paginator.php` | High
-47 | File | `artlinks.dispnew.php` | High
-48 | File | `auth.php` | Medium
+43 | File | `administration/admins.php` | High
+44 | File | `administrator/components/com_media/helpers/media.php` | High
+45 | File | `admin_ok.asp` | Medium
+46 | File | `affiliates.php` | High
+47 | File | `app/Core/Paginator.php` | High
+48 | File | `artlinks.dispnew.php` | High
 49 | ... | ... | ...
 
-There are 426 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 428 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Brunei Unknown/README.md

@@ -63,17 +63,17 @@ ID | Type | Indicator | Confidence
 3 | File | `/acms/admin/cargo_types/manage_cargo_type.php` | High
 4 | File | `/admin/ajax/avatar.php` | High
 5 | File | `/admin/index.php` | High
-6 | File | `/admin/payment.php` | High
-7 | File | `/admin/show.php` | High
-8 | File | `/api/file_uploader.php` | High
-9 | File | `/api/RecordingList/DownloadRecord?file=` | High
-10 | File | `/default.php?idx=17` | High
-11 | File | `/dev/shm` | Medium
-12 | File | `/download` | Medium
-13 | File | `/forum/away.php` | High
-14 | File | `/goform` | Low
+6 | File | `/admin/lab.php` | High
+7 | File | `/admin/payment.php` | High
+8 | File | `/admin/show.php` | High
+9 | File | `/api/file_uploader.php` | High
+10 | File | `/api/RecordingList/DownloadRecord?file=` | High
+11 | File | `/default.php?idx=17` | High
+12 | File | `/dev/shm` | Medium
+13 | File | `/download` | Medium
+14 | File | `/forum/away.php` | High
 15 | File | `/GponForm/device_Form?script/` | High
-16 | File | `/index.php` | Medium
+16 | File | `/login/index.php` | High
 17 | File | `/mgmt/tm/util/bash` | High
 18 | File | `/net` | Low
 19 | File | `/opt/bin/cli` | Medium

actors/Bulgaria Unknown/README.md

@@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 
 * [US](https://vuldb.com/?country.us)
 * [JP](https://vuldb.com/?country.jp)
-* [ES](https://vuldb.com/?country.es)
+* [DK](https://vuldb.com/?country.dk)
 * ...
 
-There are 22 more country items available. Please use our online service to access the data.
+There are 19 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -21,248 +21,337 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
 
 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
-1 | [2.20.45.4](https://vuldb.com/?ip.2.20.45.4) | a2-20-45-4.deploy.static.akamaitechnologies.com | - | High
-2 | [2.20.45.12](https://vuldb.com/?ip.2.20.45.12) | a2-20-45-12.deploy.static.akamaitechnologies.com | - | High
-3 | [2.20.45.92](https://vuldb.com/?ip.2.20.45.92) | a2-20-45-92.deploy.static.akamaitechnologies.com | - | High
-4 | [2.20.45.96](https://vuldb.com/?ip.2.20.45.96) | a2-20-45-96.deploy.static.akamaitechnologies.com | - | High
-5 | [2.56.12.0](https://vuldb.com/?ip.2.56.12.0) | - | - | High
-6 | [2.56.52.0](https://vuldb.com/?ip.2.56.52.0) | - | - | High
-7 | [5.32.128.0](https://vuldb.com/?ip.5.32.128.0) | - | - | High
-8 | [5.53.128.0](https://vuldb.com/?ip.5.53.128.0) | - | - | High
-9 | [5.61.96.0](https://vuldb.com/?ip.5.61.96.0) | - | - | High
-10 | [5.62.60.52](https://vuldb.com/?ip.5.62.60.52) | r-52-60-62-5.consumer-pool.prcdn.net | - | High
-11 | [5.62.62.52](https://vuldb.com/?ip.5.62.62.52) | r-52-62-62-5.consumer-pool.prcdn.net | - | High
-12 | [5.101.217.128](https://vuldb.com/?ip.5.101.217.128) | - | - | High
-13 | [5.104.160.0](https://vuldb.com/?ip.5.104.160.0) | 5.104.161.0.telecom-bg.com | - | High
-14 | [5.132.135.0](https://vuldb.com/?ip.5.132.135.0) | - | - | High
-15 | [5.133.92.0](https://vuldb.com/?ip.5.133.92.0) | - | - | High
-16 | [5.181.28.0](https://vuldb.com/?ip.5.181.28.0) | - | - | High
-17 | [5.181.80.0](https://vuldb.com/?ip.5.181.80.0) | - | - | High
-18 | [5.182.20.0](https://vuldb.com/?ip.5.182.20.0) | - | - | High
-19 | [5.183.228.0](https://vuldb.com/?ip.5.183.228.0) | - | - | High
-20 | [5.183.231.0](https://vuldb.com/?ip.5.183.231.0) | - | - | High
-21 | [8.40.26.0](https://vuldb.com/?ip.8.40.26.0) | - | - | High
-22 | [23.229.0.176](https://vuldb.com/?ip.23.229.0.176) | - | - | High
-23 | [31.6.61.0](https://vuldb.com/?ip.31.6.61.0) | - | - | High
-24 | [31.13.192.0](https://vuldb.com/?ip.31.13.192.0) | - | - | High
-25 | [31.14.180.0](https://vuldb.com/?ip.31.14.180.0) | - | - | High
-26 | [31.14.182.0](https://vuldb.com/?ip.31.14.182.0) | - | - | High
-27 | [31.41.16.0](https://vuldb.com/?ip.31.41.16.0) | - | - | High
-28 | [31.169.124.0](https://vuldb.com/?ip.31.169.124.0) | leo0.ecorenewbs.com | - | High
-29 | [31.186.104.0](https://vuldb.com/?ip.31.186.104.0) | subnet1.mtel.gr | - | High
-30 | [31.211.128.0](https://vuldb.com/?ip.31.211.128.0) | - | - | High
-31 | [34.99.140.0](https://vuldb.com/?ip.34.99.140.0) | 0.140.99.34.bc.googleusercontent.com | - | Medium
-32 | [34.99.212.0](https://vuldb.com/?ip.34.99.212.0) | 0.212.99.34.bc.googleusercontent.com | - | Medium
-33 | [34.103.156.0](https://vuldb.com/?ip.34.103.156.0) | 0.156.103.34.bc.googleusercontent.com | - | Medium
-34 | [37.46.114.0](https://vuldb.com/?ip.37.46.114.0) | bg.as51430.net | - | High
-35 | [37.60.136.0](https://vuldb.com/?ip.37.60.136.0) | - | - | High
-36 | [37.60.224.0](https://vuldb.com/?ip.37.60.224.0) | ip-37-60-224-0.siteground.com | - | High
-37 | [37.63.0.0](https://vuldb.com/?ip.37.63.0.0) | - | - | High
-38 | [37.77.80.0](https://vuldb.com/?ip.37.77.80.0) | - | - | High
-39 | [37.120.152.0](https://vuldb.com/?ip.37.120.152.0) | kyi0.sourrefer.us | - | High
-40 | [37.130.240.0](https://vuldb.com/?ip.37.130.240.0) | net240-ip0.linkbg.com | - | High
-41 | [37.139.128.0](https://vuldb.com/?ip.37.139.128.0) | - | - | High
-42 | [37.143.192.0](https://vuldb.com/?ip.37.143.192.0) | - | - | High
-43 | [37.156.69.0](https://vuldb.com/?ip.37.156.69.0) | 259c4500.static.cust.trined.nl | - | High
-44 | [37.156.70.0](https://vuldb.com/?ip.37.156.70.0) | 259c4600.static.cust.trined.nl | - | High
-45 | [37.157.136.0](https://vuldb.com/?ip.37.157.136.0) | - | - | High
-46 | [37.157.160.0](https://vuldb.com/?ip.37.157.160.0) | begin.force-it.net.160.157.37.in-addr.arpa | - | High
-47 | [37.209.168.0](https://vuldb.com/?ip.37.209.168.0) | - | - | High
-48 | [37.252.247.0](https://vuldb.com/?ip.37.252.247.0) | - | - | High
-49 | [40.127.179.92](https://vuldb.com/?ip.40.127.179.92) | - | - | High
-50 | [43.113.224.128](https://vuldb.com/?ip.43.113.224.128) | - | - | High
-51 | [45.10.188.0](https://vuldb.com/?ip.45.10.188.0) | - | - | High
-52 | [45.12.70.22](https://vuldb.com/?ip.45.12.70.22) | weightiest.get-eye.com | - | High
-53 | [45.12.71.22](https://vuldb.com/?ip.45.12.71.22) | - | - | High
-54 | [45.15.180.0](https://vuldb.com/?ip.45.15.180.0) | - | - | High
-55 | [45.65.68.0](https://vuldb.com/?ip.45.65.68.0) | - | - | High
-56 | [45.66.44.0](https://vuldb.com/?ip.45.66.44.0) | - | - | High
-57 | [45.67.12.0](https://vuldb.com/?ip.45.67.12.0) | - | - | High
-58 | [45.67.88.0](https://vuldb.com/?ip.45.67.88.0) | - | - | High
-59 | [45.67.208.0](https://vuldb.com/?ip.45.67.208.0) | subnet.gcore.lu | - | High
-60 | [45.80.216.0](https://vuldb.com/?ip.45.80.216.0) | - | - | High
-61 | [45.81.176.0](https://vuldb.com/?ip.45.81.176.0) | - | - | High
-62 | [45.83.216.0](https://vuldb.com/?ip.45.83.216.0) | - | - | High
-63 | [45.84.80.0](https://vuldb.com/?ip.45.84.80.0) | - | - | High
-64 | [45.84.172.0](https://vuldb.com/?ip.45.84.172.0) | - | - | High
-65 | [45.84.184.0](https://vuldb.com/?ip.45.84.184.0) | - | - | High
-66 | [45.84.192.0](https://vuldb.com/?ip.45.84.192.0) | 0.192.84.45.static.webnick.net | - | High
-67 | [45.84.194.0](https://vuldb.com/?ip.45.84.194.0) | - | - | High
-68 | [45.88.64.0](https://vuldb.com/?ip.45.88.64.0) | - | - | High
-69 | [45.88.216.0](https://vuldb.com/?ip.45.88.216.0) | - | - | High
-70 | [45.90.56.0](https://vuldb.com/?ip.45.90.56.0) | subnet.ipv4.layer6.net | - | High
-71 | [45.92.16.0](https://vuldb.com/?ip.45.92.16.0) | - | - | High
-72 | [45.128.4.0](https://vuldb.com/?ip.45.128.4.0) | clients.evn.bg | - | High
-73 | [45.128.88.0](https://vuldb.com/?ip.45.128.88.0) | - | - | High
-74 | [45.133.43.0](https://vuldb.com/?ip.45.133.43.0) | - | - | High
-75 | [45.133.92.0](https://vuldb.com/?ip.45.133.92.0) | - | - | High
-76 | [45.133.100.0](https://vuldb.com/?ip.45.133.100.0) | - | - | High
-77 | [45.137.220.0](https://vuldb.com/?ip.45.137.220.0) | - | - | High
-78 | [45.139.2.0](https://vuldb.com/?ip.45.139.2.0) | - | - | High
-79 | [45.140.0.0](https://vuldb.com/?ip.45.140.0.0) | customer.upheads.0.0.140.45 | - | High
-80 | [45.141.232.0](https://vuldb.com/?ip.45.141.232.0) | - | - | High
-81 | [45.142.12.0](https://vuldb.com/?ip.45.142.12.0) | - | - | High
-82 | [45.142.128.0](https://vuldb.com/?ip.45.142.128.0) | - | - | High
-83 | [45.143.36.0](https://vuldb.com/?ip.45.143.36.0) | 45-143-36-0.ip.welcomeitalia.it | - | High
-84 | [45.143.68.0](https://vuldb.com/?ip.45.143.68.0) | - | - | High
-85 | [45.146.140.0](https://vuldb.com/?ip.45.146.140.0) | - | - | High
-86 | [45.147.148.0](https://vuldb.com/?ip.45.147.148.0) | - | - | High
-87 | [45.149.12.0](https://vuldb.com/?ip.45.149.12.0) | - | - | High
-88 | [45.153.108.0](https://vuldb.com/?ip.45.153.108.0) | - | - | High
-89 | [45.154.76.0](https://vuldb.com/?ip.45.154.76.0) | - | - | High
-90 | [45.154.176.0](https://vuldb.com/?ip.45.154.176.0) | loamomro.ip76.abilixsoft.eu | - | High
-91 | [45.158.28.0](https://vuldb.com/?ip.45.158.28.0) | - | - | High
-92 | [45.158.160.0](https://vuldb.com/?ip.45.158.160.0) | - | - | High
-93 | [46.10.0.0](https://vuldb.com/?ip.46.10.0.0) | 46-10-0-0.ip.btc-net.bg | - | High
-94 | [46.16.192.0](https://vuldb.com/?ip.46.16.192.0) | - | - | High
-95 | [46.35.160.0](https://vuldb.com/?ip.46.35.160.0) | - | - | High
-96 | [46.40.64.0](https://vuldb.com/?ip.46.40.64.0) | - | - | High
-97 | [46.47.64.0](https://vuldb.com/?ip.46.47.64.0) | - | - | High
-98 | [46.55.128.0](https://vuldb.com/?ip.46.55.128.0) | - | - | High
-99 | [46.229.192.0](https://vuldb.com/?ip.46.229.192.0) | - | - | High
-100 | [46.232.152.0](https://vuldb.com/?ip.46.232.152.0) | 0.152.232.46.blizoo.bg | - | High
-101 | [46.233.0.0](https://vuldb.com/?ip.46.233.0.0) | - | - | High
-102 | [46.237.64.0](https://vuldb.com/?ip.46.237.64.0) | - | - | High
-103 | [46.238.0.0](https://vuldb.com/?ip.46.238.0.0) | - | - | High
-104 | [46.243.142.0](https://vuldb.com/?ip.46.243.142.0) | - | - | High
-105 | [46.249.64.0](https://vuldb.com/?ip.46.249.64.0) | - | - | High
-106 | [46.252.48.0](https://vuldb.com/?ip.46.252.48.0) | - | - | High
-107 | [46.253.0.0](https://vuldb.com/?ip.46.253.0.0) | - | - | High
-108 | [46.254.128.0](https://vuldb.com/?ip.46.254.128.0) | - | - | High
-109 | [50.225.61.85](https://vuldb.com/?ip.50.225.61.85) | - | - | High
-110 | [57.90.48.0](https://vuldb.com/?ip.57.90.48.0) | - | - | High
-111 | [62.44.96.0](https://vuldb.com/?ip.62.44.96.0) | - | - | High
-112 | [62.73.64.0](https://vuldb.com/?ip.62.73.64.0) | - | - | High
-113 | [62.176.64.0](https://vuldb.com/?ip.62.176.64.0) | 62-176-64-0.btc-net.bg | - | High
-114 | [62.182.112.0](https://vuldb.com/?ip.62.182.112.0) | - | - | High
-115 | [62.192.132.0](https://vuldb.com/?ip.62.192.132.0) | - | - | High
-116 | [62.204.128.0](https://vuldb.com/?ip.62.204.128.0) | - | - | High
-117 | [62.221.128.0](https://vuldb.com/?ip.62.221.128.0) | unknown.crc.bg | - | High
-118 | [63.172.48.27](https://vuldb.com/?ip.63.172.48.27) | - | - | High
-119 | [74.80.77.0](https://vuldb.com/?ip.74.80.77.0) | - | - | High
-120 | [77.70.0.0](https://vuldb.com/?ip.77.70.0.0) | - | - | High
-121 | [77.71.0.0](https://vuldb.com/?ip.77.71.0.0) | n1.bgwan.com | - | High
-122 | [77.72.85.0](https://vuldb.com/?ip.77.72.85.0) | - | - | High
-123 | [77.76.0.0](https://vuldb.com/?ip.77.76.0.0) | - | - | High
-124 | [77.76.128.0](https://vuldb.com/?ip.77.76.128.0) | - | - | High
-125 | [77.77.0.0](https://vuldb.com/?ip.77.77.0.0) | - | - | High
-126 | [77.77.128.0](https://vuldb.com/?ip.77.77.128.0) | - | - | High
-127 | [77.77.160.0](https://vuldb.com/?ip.77.77.160.0) | - | - | High
-128 | [77.77.168.0](https://vuldb.com/?ip.77.77.168.0) | - | - | High
-129 | [77.77.168.64](https://vuldb.com/?ip.77.77.168.64) | - | - | High
-130 | [77.77.168.88](https://vuldb.com/?ip.77.77.168.88) | - | - | High
-131 | [77.77.168.96](https://vuldb.com/?ip.77.77.168.96) | - | - | High
-132 | [77.77.168.128](https://vuldb.com/?ip.77.77.168.128) | - | - | High
-133 | [77.77.169.0](https://vuldb.com/?ip.77.77.169.0) | - | - | High
-134 | [77.77.170.0](https://vuldb.com/?ip.77.77.170.0) | - | - | High
-135 | [77.77.172.0](https://vuldb.com/?ip.77.77.172.0) | - | - | High
-136 | [77.77.176.0](https://vuldb.com/?ip.77.77.176.0) | - | - | High
-137 | [77.77.178.0](https://vuldb.com/?ip.77.77.178.0) | - | - | High
-138 | [77.77.179.0](https://vuldb.com/?ip.77.77.179.0) | - | - | High
-139 | [77.77.179.128](https://vuldb.com/?ip.77.77.179.128) | - | - | High
-140 | [77.77.179.192](https://vuldb.com/?ip.77.77.179.192) | - | - | High
-141 | [77.77.179.208](https://vuldb.com/?ip.77.77.179.208) | - | - | High
-142 | [77.77.179.224](https://vuldb.com/?ip.77.77.179.224) | - | - | High
-143 | [77.77.179.240](https://vuldb.com/?ip.77.77.179.240) | - | - | High
-144 | [77.77.180.0](https://vuldb.com/?ip.77.77.180.0) | - | - | High
-145 | [77.77.184.0](https://vuldb.com/?ip.77.77.184.0) | - | - | High
-146 | [77.78.0.0](https://vuldb.com/?ip.77.78.0.0) | - | - | High
-147 | [77.78.128.0](https://vuldb.com/?ip.77.78.128.0) | - | - | High
-148 | [77.83.112.0](https://vuldb.com/?ip.77.83.112.0) | - | - | High
-149 | [77.85.0.0](https://vuldb.com/?ip.77.85.0.0) | - | - | High
-150 | [77.95.232.0](https://vuldb.com/?ip.77.95.232.0) | - | - | High
-151 | [77.104.128.0](https://vuldb.com/?ip.77.104.128.0) | ip-77-104-128-0.siteground.com | - | High
-152 | [77.220.196.0](https://vuldb.com/?ip.77.220.196.0) | - | - | High
-153 | [77.236.160.0](https://vuldb.com/?ip.77.236.160.0) | - | - | High
-154 | [77.238.64.0](https://vuldb.com/?ip.77.238.64.0) | - | - | High
-155 | [77.244.192.0](https://vuldb.com/?ip.77.244.192.0) | net192-ip0.linkbg.com | - | High
-156 | [77.246.208.0](https://vuldb.com/?ip.77.246.208.0) | - | - | High
-157 | [78.40.136.0](https://vuldb.com/?ip.78.40.136.0) | - | - | High
-158 | [78.83.0.0](https://vuldb.com/?ip.78.83.0.0) | - | - | High
-159 | [78.90.0.0](https://vuldb.com/?ip.78.90.0.0) | - | - | High
-160 | [78.108.240.0](https://vuldb.com/?ip.78.108.240.0) | - | - | High
-161 | [78.128.0.0](https://vuldb.com/?ip.78.128.0.0) | - | - | High
-162 | [78.128.64.0](https://vuldb.com/?ip.78.128.64.0) | - | - | High
-163 | [78.128.96.0](https://vuldb.com/?ip.78.128.96.0) | - | - | High
-164 | [78.128.112.0](https://vuldb.com/?ip.78.128.112.0) | - | - | High
-165 | [78.128.120.0](https://vuldb.com/?ip.78.128.120.0) | - | - | High
-166 | [78.128.124.0](https://vuldb.com/?ip.78.128.124.0) | - | - | High
-167 | [78.128.126.0](https://vuldb.com/?ip.78.128.126.0) | - | - | High
-168 | [78.130.128.0](https://vuldb.com/?ip.78.130.128.0) | - | - | High
-169 | [78.142.0.0](https://vuldb.com/?ip.78.142.0.0) | - | - | High
-170 | [78.154.0.0](https://vuldb.com/?ip.78.154.0.0) | - | - | High
-171 | [78.159.128.0](https://vuldb.com/?ip.78.159.128.0) | - | - | High
-172 | [78.159.136.0](https://vuldb.com/?ip.78.159.136.0) | - | - | High
-173 | [78.159.149.0](https://vuldb.com/?ip.78.159.149.0) | - | - | High
-174 | [78.159.150.0](https://vuldb.com/?ip.78.159.150.0) | - | - | High
-175 | [78.159.152.0](https://vuldb.com/?ip.78.159.152.0) | - | - | High
-176 | [79.98.104.0](https://vuldb.com/?ip.79.98.104.0) | - | - | High
-177 | [79.100.0.0](https://vuldb.com/?ip.79.100.0.0) | - | - | High
-178 | [79.110.112.0](https://vuldb.com/?ip.79.110.112.0) | - | - | High
-179 | [79.124.0.0](https://vuldb.com/?ip.79.124.0.0) | - | - | High
-180 | [79.124.64.0](https://vuldb.com/?ip.79.124.64.0) | - | - | High
-181 | [79.124.72.0](https://vuldb.com/?ip.79.124.72.0) | - | - | High
-182 | [79.124.76.0](https://vuldb.com/?ip.79.124.76.0) | - | - | High
-183 | [79.124.78.0](https://vuldb.com/?ip.79.124.78.0) | - | - | High
-184 | [79.124.80.0](https://vuldb.com/?ip.79.124.80.0) | - | - | High
-185 | [79.132.0.0](https://vuldb.com/?ip.79.132.0.0) | - | - | High
-186 | [79.134.48.0](https://vuldb.com/?ip.79.134.48.0) | - | - | High
-187 | [79.134.160.0](https://vuldb.com/?ip.79.134.160.0) | - | - | High
-188 | [79.142.70.0](https://vuldb.com/?ip.79.142.70.0) | bg.as51430.net | - | High
-189 | [80.72.64.0](https://vuldb.com/?ip.80.72.64.0) | - | - | High
-190 | [80.76.48.0](https://vuldb.com/?ip.80.76.48.0) | hosted-by.technox.com.tr | - | High
-191 | [80.78.224.0](https://vuldb.com/?ip.80.78.224.0) | - | - | High
-192 | [80.80.128.0](https://vuldb.com/?ip.80.80.128.0) | - | - | High
-193 | [80.84.137.0](https://vuldb.com/?ip.80.84.137.0) | - | - | High
-194 | [80.95.16.0](https://vuldb.com/?ip.80.95.16.0) | - | - | High
-195 | [80.248.224.146](https://vuldb.com/?ip.80.248.224.146) | - | - | High
-196 | [80.253.48.0](https://vuldb.com/?ip.80.253.48.0) | - | - | High
-197 | [81.2.149.124](https://vuldb.com/?ip.81.2.149.124) | - | - | High
-198 | [81.161.240.0](https://vuldb.com/?ip.81.161.240.0) | - | - | High
-199 | [82.101.64.0](https://vuldb.com/?ip.82.101.64.0) | - | - | High
-200 | [82.102.23.0](https://vuldb.com/?ip.82.102.23.0) | nche0.pelibi.com | - | High
-201 | [82.103.64.0](https://vuldb.com/?ip.82.103.64.0) | - | - | High
-202 | [82.118.224.0](https://vuldb.com/?ip.82.118.224.0) | - | - | High
-203 | [82.118.228.0](https://vuldb.com/?ip.82.118.228.0) | - | - | High
-204 | [82.118.231.0](https://vuldb.com/?ip.82.118.231.0) | 82.118.231.0.telecom-bg.com | - | High
-205 | [82.118.232.0](https://vuldb.com/?ip.82.118.232.0) | 82.118.232.0.telecom-bg.com | - | High
-206 | [82.118.236.0](https://vuldb.com/?ip.82.118.236.0) | - | - | High
-207 | [82.118.240.0](https://vuldb.com/?ip.82.118.240.0) | siteground-office.net | - | High
-208 | [82.119.64.0](https://vuldb.com/?ip.82.119.64.0) | 82.119.64.0.telecom-bg.com | - | High
-209 | [82.137.64.0](https://vuldb.com/?ip.82.137.64.0) | - | - | High
-210 | [82.146.0.0](https://vuldb.com/?ip.82.146.0.0) | - | - | High
-211 | [82.147.128.0](https://vuldb.com/?ip.82.147.128.0) | - | - | High
-212 | [82.195.187.17](https://vuldb.com/?ip.82.195.187.17) | - | - | High
-213 | [83.97.24.0](https://vuldb.com/?ip.83.97.24.0) | - | - | High
-214 | [83.97.64.0](https://vuldb.com/?ip.83.97.64.0) | - | - | High
-215 | [83.142.16.0](https://vuldb.com/?ip.83.142.16.0) | - | - | High
-216 | [83.142.48.0](https://vuldb.com/?ip.83.142.48.0) | 83-142-48-0.dynamic-pool.mclaut.net | - | High
-217 | [83.143.144.0](https://vuldb.com/?ip.83.143.144.0) | - | - | High
-218 | [83.143.176.0](https://vuldb.com/?ip.83.143.176.0) | - | - | High
-219 | [83.143.248.0](https://vuldb.com/?ip.83.143.248.0) | - | - | High
-220 | [83.148.64.0](https://vuldb.com/?ip.83.148.64.0) | - | - | High
-221 | [83.150.216.0](https://vuldb.com/?ip.83.150.216.0) | - | - | High
-222 | [83.222.160.0](https://vuldb.com/?ip.83.222.160.0) | - | - | High
-223 | [83.222.166.0](https://vuldb.com/?ip.83.222.166.0) | - | - | High
-224 | [83.222.168.0](https://vuldb.com/?ip.83.222.168.0) | - | - | High
-225 | [83.222.176.0](https://vuldb.com/?ip.83.222.176.0) | - | - | High
-226 | [83.228.0.0](https://vuldb.com/?ip.83.228.0.0) | - | - | High
-227 | [84.1.42.0](https://vuldb.com/?ip.84.1.42.0) | ktv54012A00.fixip.t-online.hu | - | High
-228 | [84.1.43.0](https://vuldb.com/?ip.84.1.43.0) | ktv54012B00.fixip.t-online.hu | - | High
-229 | [84.1.43.64](https://vuldb.com/?ip.84.1.43.64) | ktv54012B40.fixip.t-online.hu | - | High
-230 | [84.1.43.67](https://vuldb.com/?ip.84.1.43.67) | ktv54012B43.fixip.t-online.hu | - | High
-231 | [84.1.43.68](https://vuldb.com/?ip.84.1.43.68) | ktv54012B44.fixip.t-online.hu | - | High
-232 | [84.1.43.72](https://vuldb.com/?ip.84.1.43.72) | ktv54012B48.fixip.t-online.hu | - | High
-233 | [84.1.43.80](https://vuldb.com/?ip.84.1.43.80) | ktv54012B50.fixip.t-online.hu | - | High
-234 | [84.1.43.96](https://vuldb.com/?ip.84.1.43.96) | ktv54012B60.fixip.t-online.hu | - | High
-235 | [84.1.43.128](https://vuldb.com/?ip.84.1.43.128) | ktv54012B80.fixip.t-online.hu | - | High
-236 | [84.1.44.0](https://vuldb.com/?ip.84.1.44.0) | net44-ip0.suvorovo.org | - | High
-237 | [84.1.154.0](https://vuldb.com/?ip.84.1.154.0) | - | - | High
-238 | [84.1.240.0](https://vuldb.com/?ip.84.1.240.0) | - | - | High
-239 | [84.2.74.0](https://vuldb.com/?ip.84.2.74.0) | - | - | High
-240 | ... | ... | ... | ...
+1 | [2.20.45.0](https://vuldb.com/?ip.2.20.45.0) | a2-20-45-0.deploy.static.akamaitechnologies.com | - | High
+2 | [2.20.45.4](https://vuldb.com/?ip.2.20.45.4) | a2-20-45-4.deploy.static.akamaitechnologies.com | - | High
+3 | [2.20.45.12](https://vuldb.com/?ip.2.20.45.12) | a2-20-45-12.deploy.static.akamaitechnologies.com | - | High
+4 | [2.20.45.92](https://vuldb.com/?ip.2.20.45.92) | a2-20-45-92.deploy.static.akamaitechnologies.com | - | High
+5 | [2.20.45.96](https://vuldb.com/?ip.2.20.45.96) | a2-20-45-96.deploy.static.akamaitechnologies.com | - | High
+6 | [2.21.68.0](https://vuldb.com/?ip.2.21.68.0) | a2-21-68-0.deploy.static.akamaitechnologies.com | - | High
+7 | [2.56.12.0](https://vuldb.com/?ip.2.56.12.0) | - | - | High
+8 | [2.56.52.0](https://vuldb.com/?ip.2.56.52.0) | - | - | High
+9 | [2.58.92.0](https://vuldb.com/?ip.2.58.92.0) | - | - | High
+10 | [5.32.128.0](https://vuldb.com/?ip.5.32.128.0) | - | - | High
+11 | [5.53.128.0](https://vuldb.com/?ip.5.53.128.0) | - | - | High
+12 | [5.61.96.0](https://vuldb.com/?ip.5.61.96.0) | - | - | High
+13 | [5.62.60.52](https://vuldb.com/?ip.5.62.60.52) | r-52-60-62-5.consumer-pool.prcdn.net | - | High
+14 | [5.62.62.52](https://vuldb.com/?ip.5.62.62.52) | r-52-62-62-5.consumer-pool.prcdn.net | - | High
+15 | [5.101.217.128](https://vuldb.com/?ip.5.101.217.128) | - | - | High
+16 | [5.101.219.0](https://vuldb.com/?ip.5.101.219.0) | - | - | High
+17 | [5.104.160.0](https://vuldb.com/?ip.5.104.160.0) | 5.104.161.0.telecom-bg.com | - | High
+18 | [5.132.135.0](https://vuldb.com/?ip.5.132.135.0) | - | - | High
+19 | [5.133.92.0](https://vuldb.com/?ip.5.133.92.0) | - | - | High
+20 | [5.181.19.0](https://vuldb.com/?ip.5.181.19.0) | - | - | High
+21 | [5.181.28.0](https://vuldb.com/?ip.5.181.28.0) | - | - | High
+22 | [5.181.55.0](https://vuldb.com/?ip.5.181.55.0) | - | - | High
+23 | [5.181.80.0](https://vuldb.com/?ip.5.181.80.0) | - | - | High
+24 | [5.182.20.0](https://vuldb.com/?ip.5.182.20.0) | - | - | High
+25 | [5.183.228.0](https://vuldb.com/?ip.5.183.228.0) | - | - | High
+26 | [5.183.231.0](https://vuldb.com/?ip.5.183.231.0) | - | - | High
+27 | [5.188.206.0](https://vuldb.com/?ip.5.188.206.0) | - | - | High
+28 | [8.40.26.0](https://vuldb.com/?ip.8.40.26.0) | - | - | High
+29 | [23.223.112.0](https://vuldb.com/?ip.23.223.112.0) | a23-223-112-0.deploy.static.akamaitechnologies.com | - | High
+30 | [23.223.128.0](https://vuldb.com/?ip.23.223.128.0) | a23-223-128-0.deploy.static.akamaitechnologies.com | - | High
+31 | [23.229.0.176](https://vuldb.com/?ip.23.229.0.176) | - | - | High
+32 | [31.6.61.0](https://vuldb.com/?ip.31.6.61.0) | - | - | High
+33 | [31.7.174.0](https://vuldb.com/?ip.31.7.174.0) | - | - | High
+34 | [31.13.192.0](https://vuldb.com/?ip.31.13.192.0) | - | - | High
+35 | [31.13.208.0](https://vuldb.com/?ip.31.13.208.0) | - | - | High
+36 | [31.13.211.0](https://vuldb.com/?ip.31.13.211.0) | - | - | High
+37 | [31.13.212.0](https://vuldb.com/?ip.31.13.212.0) | - | - | High
+38 | [31.13.215.0](https://vuldb.com/?ip.31.13.215.0) | - | - | High
+39 | [31.13.216.0](https://vuldb.com/?ip.31.13.216.0) | - | - | High
+40 | [31.13.224.0](https://vuldb.com/?ip.31.13.224.0) | - | - | High
+41 | [31.14.180.0](https://vuldb.com/?ip.31.14.180.0) | - | - | High
+42 | [31.14.182.0](https://vuldb.com/?ip.31.14.182.0) | - | - | High
+43 | [31.41.16.0](https://vuldb.com/?ip.31.41.16.0) | - | - | High
+44 | [31.169.124.0](https://vuldb.com/?ip.31.169.124.0) | leo0.ecorenewbs.com | - | High
+45 | [31.186.104.0](https://vuldb.com/?ip.31.186.104.0) | subnet1.mtel.gr | - | High
+46 | [31.210.9.0](https://vuldb.com/?ip.31.210.9.0) | - | - | High
+47 | [31.210.12.0](https://vuldb.com/?ip.31.210.12.0) | - | - | High
+48 | [31.211.128.0](https://vuldb.com/?ip.31.211.128.0) | - | - | High
+49 | [32.106.113.0](https://vuldb.com/?ip.32.106.113.0) | - | - | High
+50 | [34.99.140.0](https://vuldb.com/?ip.34.99.140.0) | 0.140.99.34.bc.googleusercontent.com | - | Medium
+51 | [34.99.212.0](https://vuldb.com/?ip.34.99.212.0) | 0.212.99.34.bc.googleusercontent.com | - | Medium
+52 | [34.103.156.0](https://vuldb.com/?ip.34.103.156.0) | 0.156.103.34.bc.googleusercontent.com | - | Medium
+53 | [34.103.223.0](https://vuldb.com/?ip.34.103.223.0) | 0.223.103.34.bc.googleusercontent.com | - | Medium
+54 | [37.19.203.0](https://vuldb.com/?ip.37.19.203.0) | unn-37-19-203-0.datapacket.com | - | High
+55 | [37.46.114.0](https://vuldb.com/?ip.37.46.114.0) | bg.as51430.net | - | High
+56 | [37.60.136.0](https://vuldb.com/?ip.37.60.136.0) | - | - | High
+57 | [37.60.140.0](https://vuldb.com/?ip.37.60.140.0) | 37-60-140-0.zee.bg | - | High
+58 | [37.60.143.0](https://vuldb.com/?ip.37.60.143.0) | - | - | High
+59 | [37.60.224.0](https://vuldb.com/?ip.37.60.224.0) | ip-37-60-224-0.siteground.com | - | High
+60 | [37.63.0.0](https://vuldb.com/?ip.37.63.0.0) | - | - | High
+61 | [37.72.130.0](https://vuldb.com/?ip.37.72.130.0) | - | - | High
+62 | [37.77.80.0](https://vuldb.com/?ip.37.77.80.0) | - | - | High
+63 | [37.120.152.0](https://vuldb.com/?ip.37.120.152.0) | kyi0.sourrefer.us | - | High
+64 | [37.130.240.0](https://vuldb.com/?ip.37.130.240.0) | net240-ip0.linkbg.com | - | High
+65 | [37.139.128.0](https://vuldb.com/?ip.37.139.128.0) | - | - | High
+66 | [37.143.192.0](https://vuldb.com/?ip.37.143.192.0) | - | - | High
+67 | [37.156.69.0](https://vuldb.com/?ip.37.156.69.0) | 259c4500.static.cust.trined.nl | - | High
+68 | [37.156.70.0](https://vuldb.com/?ip.37.156.70.0) | 259c4600.static.cust.trined.nl | - | High
+69 | [37.157.136.0](https://vuldb.com/?ip.37.157.136.0) | - | - | High
+70 | [37.157.160.0](https://vuldb.com/?ip.37.157.160.0) | begin.force-it.net.160.157.37.in-addr.arpa | - | High
+71 | [37.209.168.0](https://vuldb.com/?ip.37.209.168.0) | - | - | High
+72 | [37.221.120.0](https://vuldb.com/?ip.37.221.120.0) | server.modernizmir.net | - | High
+73 | [37.252.247.0](https://vuldb.com/?ip.37.252.247.0) | - | - | High
+74 | [40.127.179.92](https://vuldb.com/?ip.40.127.179.92) | - | - | High
+75 | [43.113.224.128](https://vuldb.com/?ip.43.113.224.128) | - | - | High
+76 | [45.10.188.0](https://vuldb.com/?ip.45.10.188.0) | - | - | High
+77 | [45.12.70.22](https://vuldb.com/?ip.45.12.70.22) | weightiest.get-eye.com | - | High
+78 | [45.12.71.22](https://vuldb.com/?ip.45.12.71.22) | - | - | High
+79 | [45.15.180.0](https://vuldb.com/?ip.45.15.180.0) | - | - | High
+80 | [45.65.68.0](https://vuldb.com/?ip.45.65.68.0) | - | - | High
+81 | [45.65.71.0](https://vuldb.com/?ip.45.65.71.0) | - | - | High
+82 | [45.66.44.0](https://vuldb.com/?ip.45.66.44.0) | - | - | High
+83 | [45.67.12.0](https://vuldb.com/?ip.45.67.12.0) | - | - | High
+84 | [45.67.19.0](https://vuldb.com/?ip.45.67.19.0) | - | - | High
+85 | [45.67.88.0](https://vuldb.com/?ip.45.67.88.0) | - | - | High
+86 | [45.67.208.0](https://vuldb.com/?ip.45.67.208.0) | subnet.gcore.lu | - | High
+87 | [45.80.216.0](https://vuldb.com/?ip.45.80.216.0) | - | - | High
+88 | [45.81.176.0](https://vuldb.com/?ip.45.81.176.0) | - | - | High
+89 | [45.83.148.0](https://vuldb.com/?ip.45.83.148.0) | - | - | High
+90 | [45.83.216.0](https://vuldb.com/?ip.45.83.216.0) | - | - | High
+91 | [45.84.80.0](https://vuldb.com/?ip.45.84.80.0) | - | - | High
+92 | [45.84.172.0](https://vuldb.com/?ip.45.84.172.0) | - | - | High
+93 | [45.84.184.0](https://vuldb.com/?ip.45.84.184.0) | - | - | High
+94 | [45.84.192.0](https://vuldb.com/?ip.45.84.192.0) | 0.192.84.45.static.webnick.net | - | High
+95 | [45.84.194.0](https://vuldb.com/?ip.45.84.194.0) | - | - | High
+96 | [45.88.64.0](https://vuldb.com/?ip.45.88.64.0) | - | - | High
+97 | [45.88.216.0](https://vuldb.com/?ip.45.88.216.0) | - | - | High
+98 | [45.90.56.0](https://vuldb.com/?ip.45.90.56.0) | subnet.ipv4.layer6.net | - | High
+99 | [45.91.67.0](https://vuldb.com/?ip.45.91.67.0) | no-rdns.consort.network | - | High
+100 | [45.92.16.0](https://vuldb.com/?ip.45.92.16.0) | - | - | High
+101 | [45.128.4.0](https://vuldb.com/?ip.45.128.4.0) | clients.evn.bg | - | High
+102 | [45.128.88.0](https://vuldb.com/?ip.45.128.88.0) | - | - | High
+103 | [45.133.43.0](https://vuldb.com/?ip.45.133.43.0) | - | - | High
+104 | [45.133.92.0](https://vuldb.com/?ip.45.133.92.0) | - | - | High
+105 | [45.133.100.0](https://vuldb.com/?ip.45.133.100.0) | - | - | High
+106 | [45.137.220.0](https://vuldb.com/?ip.45.137.220.0) | - | - | High
+107 | [45.139.2.0](https://vuldb.com/?ip.45.139.2.0) | - | - | High
+108 | [45.140.0.0](https://vuldb.com/?ip.45.140.0.0) | customer.upheads.0.0.140.45 | - | High
+109 | [45.141.157.0](https://vuldb.com/?ip.45.141.157.0) | - | - | High
+110 | [45.141.232.0](https://vuldb.com/?ip.45.141.232.0) | - | - | High
+111 | [45.142.12.0](https://vuldb.com/?ip.45.142.12.0) | - | - | High
+112 | [45.142.120.0](https://vuldb.com/?ip.45.142.120.0) | - | - | High
+113 | [45.142.128.0](https://vuldb.com/?ip.45.142.128.0) | - | - | High
+114 | [45.142.130.0](https://vuldb.com/?ip.45.142.130.0) | - | - | High
+115 | [45.143.36.0](https://vuldb.com/?ip.45.143.36.0) | 45-143-36-0.ip.welcomeitalia.it | - | High
+116 | [45.143.68.0](https://vuldb.com/?ip.45.143.68.0) | - | - | High
+117 | [45.143.200.0](https://vuldb.com/?ip.45.143.200.0) | - | - | High
+118 | [45.144.152.0](https://vuldb.com/?ip.45.144.152.0) | - | - | High
+119 | [45.144.154.0](https://vuldb.com/?ip.45.144.154.0) | - | - | High
+120 | [45.146.140.0](https://vuldb.com/?ip.45.146.140.0) | - | - | High
+121 | [45.147.148.0](https://vuldb.com/?ip.45.147.148.0) | - | - | High
+122 | [45.149.12.0](https://vuldb.com/?ip.45.149.12.0) | - | - | High
+123 | [45.149.240.0](https://vuldb.com/?ip.45.149.240.0) | 45-149-240-0.mastereducation.lol | - | High
+124 | [45.151.88.0](https://vuldb.com/?ip.45.151.88.0) | - | - | High
+125 | [45.153.108.0](https://vuldb.com/?ip.45.153.108.0) | - | - | High
+126 | [45.153.109.0](https://vuldb.com/?ip.45.153.109.0) | - | - | High
+127 | [45.153.110.0](https://vuldb.com/?ip.45.153.110.0) | - | - | High
+128 | [45.154.76.0](https://vuldb.com/?ip.45.154.76.0) | - | - | High
+129 | [45.154.176.0](https://vuldb.com/?ip.45.154.176.0) | loamomro.ip76.abilixsoft.eu | - | High
+130 | [45.158.28.0](https://vuldb.com/?ip.45.158.28.0) | - | - | High
+131 | [45.158.160.0](https://vuldb.com/?ip.45.158.160.0) | - | - | High
+132 | [46.10.0.0](https://vuldb.com/?ip.46.10.0.0) | 46-10-0-0.ip.btc-net.bg | - | High
+133 | [46.16.192.0](https://vuldb.com/?ip.46.16.192.0) | - | - | High
+134 | [46.35.160.0](https://vuldb.com/?ip.46.35.160.0) | - | - | High
+135 | [46.40.64.0](https://vuldb.com/?ip.46.40.64.0) | - | - | High
+136 | [46.47.64.0](https://vuldb.com/?ip.46.47.64.0) | - | - | High
+137 | [46.55.128.0](https://vuldb.com/?ip.46.55.128.0) | - | - | High
+138 | [46.107.239.0](https://vuldb.com/?ip.46.107.239.0) | mlln2E6BEF00.fixip.t-online.hu | - | High
+139 | [46.229.192.0](https://vuldb.com/?ip.46.229.192.0) | - | - | High
+140 | [46.232.152.0](https://vuldb.com/?ip.46.232.152.0) | 0.152.232.46.blizoo.bg | - | High
+141 | [46.233.0.0](https://vuldb.com/?ip.46.233.0.0) | - | - | High
+142 | [46.237.64.0](https://vuldb.com/?ip.46.237.64.0) | - | - | High
+143 | [46.238.0.0](https://vuldb.com/?ip.46.238.0.0) | - | - | High
+144 | [46.243.142.0](https://vuldb.com/?ip.46.243.142.0) | - | - | High
+145 | [46.249.64.0](https://vuldb.com/?ip.46.249.64.0) | - | - | High
+146 | [46.252.48.0](https://vuldb.com/?ip.46.252.48.0) | - | - | High
+147 | [46.253.0.0](https://vuldb.com/?ip.46.253.0.0) | - | - | High
+148 | [46.253.134.0](https://vuldb.com/?ip.46.253.134.0) | - | - | High
+149 | [46.254.128.0](https://vuldb.com/?ip.46.254.128.0) | - | - | High
+150 | [50.7.46.0](https://vuldb.com/?ip.50.7.46.0) | - | - | High
+151 | [50.225.61.85](https://vuldb.com/?ip.50.225.61.85) | - | - | High
+152 | [52.46.56.0](https://vuldb.com/?ip.52.46.56.0) | server-52-46-56-0.sof50.r.cloudfront.net | - | High
+153 | [52.84.112.0](https://vuldb.com/?ip.52.84.112.0) | server-52-84-112-0.sof50.r.cloudfront.net | - | High
+154 | [52.84.144.0](https://vuldb.com/?ip.52.84.144.0) | server-52-84-144-0.sof50.r.cloudfront.net | - | High
+155 | [52.85.4.0](https://vuldb.com/?ip.52.85.4.0) | server-52-85-4-0.sof50.r.cloudfront.net | - | High
+156 | [52.85.101.0](https://vuldb.com/?ip.52.85.101.0) | server-52-85-101-0.sof50.r.cloudfront.net | - | High
+157 | [52.85.102.0](https://vuldb.com/?ip.52.85.102.0) | server-52-85-102-0.sof50.r.cloudfront.net | - | High
+158 | [57.90.48.0](https://vuldb.com/?ip.57.90.48.0) | - | - | High
+159 | [62.44.96.0](https://vuldb.com/?ip.62.44.96.0) | - | - | High
+160 | [62.67.16.0](https://vuldb.com/?ip.62.67.16.0) | - | - | High
+161 | [62.67.210.0](https://vuldb.com/?ip.62.67.210.0) | - | - | High
+162 | [62.73.64.0](https://vuldb.com/?ip.62.73.64.0) | - | - | High
+163 | [62.133.59.0](https://vuldb.com/?ip.62.133.59.0) | - | - | High
+164 | [62.176.64.0](https://vuldb.com/?ip.62.176.64.0) | 62-176-64-0.btc-net.bg | - | High
+165 | [62.182.112.0](https://vuldb.com/?ip.62.182.112.0) | - | - | High
+166 | [62.192.132.0](https://vuldb.com/?ip.62.192.132.0) | - | - | High
+167 | [62.204.128.0](https://vuldb.com/?ip.62.204.128.0) | - | - | High
+168 | [62.221.128.0](https://vuldb.com/?ip.62.221.128.0) | unknown.crc.bg | - | High
+169 | [62.233.37.0](https://vuldb.com/?ip.62.233.37.0) | - | - | High
+170 | [63.172.48.27](https://vuldb.com/?ip.63.172.48.27) | - | - | High
+171 | [66.84.75.0](https://vuldb.com/?ip.66.84.75.0) | lo0.pex1.bb.sof1.continent8.com | - | High
+172 | [66.159.221.0](https://vuldb.com/?ip.66.159.221.0) | - | - | High
+173 | [74.80.77.0](https://vuldb.com/?ip.74.80.77.0) | - | - | High
+174 | [77.70.0.0](https://vuldb.com/?ip.77.70.0.0) | - | - | High
+175 | [77.71.0.0](https://vuldb.com/?ip.77.71.0.0) | n1.bgwan.com | - | High
+176 | [77.72.20.0](https://vuldb.com/?ip.77.72.20.0) | - | - | High
+177 | [77.72.85.0](https://vuldb.com/?ip.77.72.85.0) | - | - | High
+178 | [77.76.0.0](https://vuldb.com/?ip.77.76.0.0) | - | - | High
+179 | [77.76.128.0](https://vuldb.com/?ip.77.76.128.0) | - | - | High
+180 | [77.77.0.0](https://vuldb.com/?ip.77.77.0.0) | - | - | High
+181 | [77.77.128.0](https://vuldb.com/?ip.77.77.128.0) | - | - | High
+182 | [77.77.136.0](https://vuldb.com/?ip.77.77.136.0) | - | - | High
+183 | [77.77.140.0](https://vuldb.com/?ip.77.77.140.0) | - | - | High
+184 | [77.77.142.0](https://vuldb.com/?ip.77.77.142.0) | - | - | High
+185 | [77.77.144.0](https://vuldb.com/?ip.77.77.144.0) | - | - | High
+186 | [77.77.150.0](https://vuldb.com/?ip.77.77.150.0) | - | - | High
+187 | [77.77.152.0](https://vuldb.com/?ip.77.77.152.0) | - | - | High
+188 | [77.77.160.0](https://vuldb.com/?ip.77.77.160.0) | - | - | High
+189 | [77.77.168.0](https://vuldb.com/?ip.77.77.168.0) | - | - | High
+190 | [77.77.168.64](https://vuldb.com/?ip.77.77.168.64) | - | - | High
+191 | [77.77.168.88](https://vuldb.com/?ip.77.77.168.88) | - | - | High
+192 | [77.77.168.96](https://vuldb.com/?ip.77.77.168.96) | - | - | High
+193 | [77.77.168.128](https://vuldb.com/?ip.77.77.168.128) | - | - | High
+194 | [77.77.169.0](https://vuldb.com/?ip.77.77.169.0) | - | - | High
+195 | [77.77.170.0](https://vuldb.com/?ip.77.77.170.0) | - | - | High
+196 | [77.77.172.0](https://vuldb.com/?ip.77.77.172.0) | - | - | High
+197 | [77.77.176.0](https://vuldb.com/?ip.77.77.176.0) | - | - | High
+198 | [77.77.178.0](https://vuldb.com/?ip.77.77.178.0) | - | - | High
+199 | [77.77.179.0](https://vuldb.com/?ip.77.77.179.0) | - | - | High
+200 | [77.77.179.128](https://vuldb.com/?ip.77.77.179.128) | - | - | High
+201 | [77.77.179.192](https://vuldb.com/?ip.77.77.179.192) | - | - | High
+202 | [77.77.179.208](https://vuldb.com/?ip.77.77.179.208) | - | - | High
+203 | [77.77.179.224](https://vuldb.com/?ip.77.77.179.224) | - | - | High
+204 | [77.77.179.240](https://vuldb.com/?ip.77.77.179.240) | - | - | High
+205 | [77.77.180.0](https://vuldb.com/?ip.77.77.180.0) | - | - | High
+206 | [77.77.184.0](https://vuldb.com/?ip.77.77.184.0) | - | - | High
+207 | [77.78.0.0](https://vuldb.com/?ip.77.78.0.0) | - | - | High
+208 | [77.78.128.0](https://vuldb.com/?ip.77.78.128.0) | - | - | High
+209 | [77.83.112.0](https://vuldb.com/?ip.77.83.112.0) | - | - | High
+210 | [77.85.0.0](https://vuldb.com/?ip.77.85.0.0) | - | - | High
+211 | [77.95.232.0](https://vuldb.com/?ip.77.95.232.0) | - | - | High
+212 | [77.104.128.0](https://vuldb.com/?ip.77.104.128.0) | ip-77-104-128-0.siteground.com | - | High
+213 | [77.104.187.0](https://vuldb.com/?ip.77.104.187.0) | ip-77-104-187-0.siteground.com | - | High
+214 | [77.220.196.0](https://vuldb.com/?ip.77.220.196.0) | - | - | High
+215 | [77.236.160.0](https://vuldb.com/?ip.77.236.160.0) | - | - | High
+216 | [77.238.64.0](https://vuldb.com/?ip.77.238.64.0) | - | - | High
+217 | [77.244.192.0](https://vuldb.com/?ip.77.244.192.0) | net192-ip0.linkbg.com | - | High
+218 | [77.246.208.0](https://vuldb.com/?ip.77.246.208.0) | - | - | High
+219 | [78.40.136.0](https://vuldb.com/?ip.78.40.136.0) | - | - | High
+220 | [78.40.140.0](https://vuldb.com/?ip.78.40.140.0) | - | - | High
+221 | [78.40.142.0](https://vuldb.com/?ip.78.40.142.0) | - | - | High
+222 | [78.83.0.0](https://vuldb.com/?ip.78.83.0.0) | - | - | High
+223 | [78.90.0.0](https://vuldb.com/?ip.78.90.0.0) | - | - | High
+224 | [78.108.240.0](https://vuldb.com/?ip.78.108.240.0) | - | - | High
+225 | [78.128.0.0](https://vuldb.com/?ip.78.128.0.0) | - | - | High
+226 | [78.128.64.0](https://vuldb.com/?ip.78.128.64.0) | - | - | High
+227 | [78.128.96.0](https://vuldb.com/?ip.78.128.96.0) | - | - | High
+228 | [78.128.112.0](https://vuldb.com/?ip.78.128.112.0) | - | - | High
+229 | [78.128.120.0](https://vuldb.com/?ip.78.128.120.0) | - | - | High
+230 | [78.128.124.0](https://vuldb.com/?ip.78.128.124.0) | - | - | High
+231 | [78.128.126.0](https://vuldb.com/?ip.78.128.126.0) | - | - | High
+232 | [78.130.128.0](https://vuldb.com/?ip.78.130.128.0) | - | - | High
+233 | [78.142.0.0](https://vuldb.com/?ip.78.142.0.0) | - | - | High
+234 | [78.142.1.0](https://vuldb.com/?ip.78.142.1.0) | - | - | High
+235 | [78.142.2.0](https://vuldb.com/?ip.78.142.2.0) | - | - | High
+236 | [78.142.4.0](https://vuldb.com/?ip.78.142.4.0) | - | - | High
+237 | [78.142.9.0](https://vuldb.com/?ip.78.142.9.0) | - | - | High
+238 | [78.142.10.0](https://vuldb.com/?ip.78.142.10.0) | - | - | High
+239 | [78.142.12.0](https://vuldb.com/?ip.78.142.12.0) | - | - | High
+240 | [78.142.16.0](https://vuldb.com/?ip.78.142.16.0) | - | - | High
+241 | [78.142.19.0](https://vuldb.com/?ip.78.142.19.0) | - | - | High
+242 | [78.142.20.0](https://vuldb.com/?ip.78.142.20.0) | - | - | High
+243 | [78.142.24.0](https://vuldb.com/?ip.78.142.24.0) | - | - | High
+244 | [78.142.28.0](https://vuldb.com/?ip.78.142.28.0) | 78.142.28.0.telecom-bg.com | - | High
+245 | [78.142.30.0](https://vuldb.com/?ip.78.142.30.0) | - | - | High
+246 | [78.142.32.0](https://vuldb.com/?ip.78.142.32.0) | - | - | High
+247 | [78.154.0.0](https://vuldb.com/?ip.78.154.0.0) | - | - | High
+248 | [78.159.128.0](https://vuldb.com/?ip.78.159.128.0) | - | - | High
+249 | [78.159.131.0](https://vuldb.com/?ip.78.159.131.0) | - | - | High
+250 | [78.159.136.0](https://vuldb.com/?ip.78.159.136.0) | - | - | High
+251 | [78.159.149.0](https://vuldb.com/?ip.78.159.149.0) | - | - | High
+252 | [78.159.150.0](https://vuldb.com/?ip.78.159.150.0) | - | - | High
+253 | [78.159.152.0](https://vuldb.com/?ip.78.159.152.0) | - | - | High
+254 | [78.159.157.0](https://vuldb.com/?ip.78.159.157.0) | - | - | High
+255 | [78.159.158.0](https://vuldb.com/?ip.78.159.158.0) | - | - | High
+256 | [79.98.104.0](https://vuldb.com/?ip.79.98.104.0) | - | - | High
+257 | [79.100.0.0](https://vuldb.com/?ip.79.100.0.0) | - | - | High
+258 | [79.110.112.0](https://vuldb.com/?ip.79.110.112.0) | - | - | High
+259 | [79.124.0.0](https://vuldb.com/?ip.79.124.0.0) | - | - | High
+260 | [79.124.2.0](https://vuldb.com/?ip.79.124.2.0) | - | - | High
+261 | [79.124.4.0](https://vuldb.com/?ip.79.124.4.0) | - | - | High
+262 | [79.124.9.0](https://vuldb.com/?ip.79.124.9.0) | - | - | High
+263 | [79.124.10.0](https://vuldb.com/?ip.79.124.10.0) | - | - | High
+264 | [79.124.12.0](https://vuldb.com/?ip.79.124.12.0) | - | - | High
+265 | [79.124.16.0](https://vuldb.com/?ip.79.124.16.0) | - | - | High
+266 | [79.124.32.0](https://vuldb.com/?ip.79.124.32.0) | - | - | High
+267 | [79.124.48.0](https://vuldb.com/?ip.79.124.48.0) | - | - | High
+268 | [79.124.56.0](https://vuldb.com/?ip.79.124.56.0) | - | - | High
+269 | [79.124.60.0](https://vuldb.com/?ip.79.124.60.0) | - | - | High
+270 | [79.124.63.0](https://vuldb.com/?ip.79.124.63.0) | telepoint-net.msk.bg | - | High
+271 | [79.124.64.0](https://vuldb.com/?ip.79.124.64.0) | - | - | High
+272 | [79.124.72.0](https://vuldb.com/?ip.79.124.72.0) | - | - | High
+273 | [79.124.76.0](https://vuldb.com/?ip.79.124.76.0) | - | - | High
+274 | [79.124.78.0](https://vuldb.com/?ip.79.124.78.0) | - | - | High
+275 | [79.124.79.0](https://vuldb.com/?ip.79.124.79.0) | - | - | High
+276 | [79.124.80.0](https://vuldb.com/?ip.79.124.80.0) | - | - | High
+277 | [79.132.0.0](https://vuldb.com/?ip.79.132.0.0) | - | - | High
+278 | [79.134.48.0](https://vuldb.com/?ip.79.134.48.0) | - | - | High
+279 | [79.134.160.0](https://vuldb.com/?ip.79.134.160.0) | - | - | High
+280 | [79.142.70.0](https://vuldb.com/?ip.79.142.70.0) | bg.as51430.net | - | High
+281 | [80.72.64.0](https://vuldb.com/?ip.80.72.64.0) | - | - | High
+282 | [80.72.72.0](https://vuldb.com/?ip.80.72.72.0) | - | - | High
+283 | [80.72.76.0](https://vuldb.com/?ip.80.72.76.0) | - | - | High
+284 | [80.72.79.0](https://vuldb.com/?ip.80.72.79.0) | - | - | High
+285 | [80.72.80.0](https://vuldb.com/?ip.80.72.80.0) | - | - | High
+286 | [80.72.92.0](https://vuldb.com/?ip.80.72.92.0) | - | - | High
+287 | [80.76.48.0](https://vuldb.com/?ip.80.76.48.0) | hosted-by.technox.com.tr | - | High
+288 | [80.78.224.0](https://vuldb.com/?ip.80.78.224.0) | - | - | High
+289 | [80.80.128.0](https://vuldb.com/?ip.80.80.128.0) | - | - | High
+290 | [80.84.137.0](https://vuldb.com/?ip.80.84.137.0) | - | - | High
+291 | [80.84.167.0](https://vuldb.com/?ip.80.84.167.0) | - | - | High
+292 | [80.95.16.0](https://vuldb.com/?ip.80.95.16.0) | - | - | High
+293 | [80.248.224.146](https://vuldb.com/?ip.80.248.224.146) | - | - | High
+294 | [80.253.48.0](https://vuldb.com/?ip.80.253.48.0) | - | - | High
+295 | [81.2.149.124](https://vuldb.com/?ip.81.2.149.124) | - | - | High
+296 | [81.161.237.0](https://vuldb.com/?ip.81.161.237.0) | - | - | High
+297 | [81.161.240.0](https://vuldb.com/?ip.81.161.240.0) | - | - | High
+298 | [82.101.64.0](https://vuldb.com/?ip.82.101.64.0) | - | - | High
+299 | [82.102.23.0](https://vuldb.com/?ip.82.102.23.0) | nche0.pelibi.com | - | High
+300 | [82.103.64.0](https://vuldb.com/?ip.82.103.64.0) | - | - | High
+301 | [82.112.168.0](https://vuldb.com/?ip.82.112.168.0) | - | - | High
+302 | [82.112.172.0](https://vuldb.com/?ip.82.112.172.0) | - | - | High
+303 | [82.117.255.0](https://vuldb.com/?ip.82.117.255.0) | - | - | High
+304 | [82.118.224.0](https://vuldb.com/?ip.82.118.224.0) | - | - | High
+305 | [82.118.228.0](https://vuldb.com/?ip.82.118.228.0) | - | - | High
+306 | [82.118.229.0](https://vuldb.com/?ip.82.118.229.0) | ip-82.118.229.0.telepoint.bg | - | High
+307 | [82.118.230.0](https://vuldb.com/?ip.82.118.230.0) | - | - | High
+308 | [82.118.231.0](https://vuldb.com/?ip.82.118.231.0) | 82.118.231.0.telecom-bg.com | - | High
+309 | [82.118.232.0](https://vuldb.com/?ip.82.118.232.0) | 82.118.232.0.telecom-bg.com | - | High
+310 | [82.118.234.0](https://vuldb.com/?ip.82.118.234.0) | - | - | High
+311 | [82.118.236.0](https://vuldb.com/?ip.82.118.236.0) | - | - | High
+312 | [82.118.240.0](https://vuldb.com/?ip.82.118.240.0) | siteground-office.net | - | High
+313 | [82.118.243.0](https://vuldb.com/?ip.82.118.243.0) | - | - | High
+314 | [82.118.244.0](https://vuldb.com/?ip.82.118.244.0) | - | - | High
+315 | [82.118.248.0](https://vuldb.com/?ip.82.118.248.0) | - | - | High
+316 | [82.119.64.0](https://vuldb.com/?ip.82.119.64.0) | 82.119.64.0.telecom-bg.com | - | High
+317 | [82.137.64.0](https://vuldb.com/?ip.82.137.64.0) | - | - | High
+318 | [82.146.0.0](https://vuldb.com/?ip.82.146.0.0) | - | - | High
+319 | [82.146.8.0](https://vuldb.com/?ip.82.146.8.0) | - | - | High
+320 | [82.146.12.0](https://vuldb.com/?ip.82.146.12.0) | - | - | High
+321 | [82.146.14.0](https://vuldb.com/?ip.82.146.14.0) | - | - | High
+322 | [82.146.16.0](https://vuldb.com/?ip.82.146.16.0) | - | - | High
+323 | [82.147.128.0](https://vuldb.com/?ip.82.147.128.0) | - | - | High
+324 | [82.195.187.17](https://vuldb.com/?ip.82.195.187.17) | - | - | High
+325 | [83.97.24.0](https://vuldb.com/?ip.83.97.24.0) | - | - | High
+326 | [83.97.64.0](https://vuldb.com/?ip.83.97.64.0) | - | - | High
+327 | [83.142.16.0](https://vuldb.com/?ip.83.142.16.0) | - | - | High
+328 | [83.142.48.0](https://vuldb.com/?ip.83.142.48.0) | 83-142-48-0.dynamic-pool.mclaut.net | - | High
+329 | ... | ... | ... | ...
 
-There are 958 more IOC items available. Please use our online service to access the data.
+There are 1313 more IOC items available. Please use our online service to access the data.
 
 ## TTP - Tactics, Techniques, Procedures
 
@@ -270,14 +359,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-29, CWE-35 | Pathname Traversal | High
-2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
-3 | T1055 | CWE-74 | Injection | High
-4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
-5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-6 | ... | ... | ... | ...
+1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | High
+2 | T1055 | CWE-74 | Injection | High
+3 | T1059 | CWE-94 | Cross Site Scripting | High
+4 | ... | ... | ... | ...
 
-There are 19 more TTP items available. Please use our online service to access the data.
+There are 14 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -285,60 +372,65 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `.github/workflows/combine-prs.yml` | High
-2 | File | `//` | Low
-3 | File | `/dev/block/mmcblk0rpmb` | High
-4 | File | `/forum/away.php` | High
-5 | File | `/fos/admin/ajax.php?action=login` | High
-6 | File | `/fos/admin/index.php?page=menu` | High
-7 | File | `/login/index.php` | High
-8 | File | `/output/outdbg.c` | High
-9 | File | `/output/outieee.c` | High
-10 | File | `/password/reset` | High
-11 | File | `/ptippage.cgi` | High
-12 | File | `/ptipupgrade.cgi` | High
-13 | File | `/reports/rwservlet` | High
-14 | File | `/royal_event/userregister.php` | High
-15 | File | `/u/username.json` | High
-16 | File | `01article.php` | High
-17 | File | `admin/abc.php` | High
-18 | File | `admin/admin/adminsave.html` | High
-19 | File | `admin/approve_user.php` | High
-20 | File | `admin/conf_users_edit.php` | High
-21 | File | `admin/expense_report.php` | High
-22 | File | `admin/forget_password.php` | High
-23 | File | `admin/make_payments.php` | High
-24 | File | `admin/manage_user.php` | High
-25 | File | `admin/page-login.php` | High
-26 | File | `admin/panels/entry/admin.entry.list.php` | High
-27 | File | `admin/panels/uploader/admin.uploader.php` | High
-28 | File | `administers` | Medium
-29 | File | `admin_class.php` | High
-30 | File | `agent/listener/templates/tail.html` | High
-31 | File | `ajax_invoice.php` | High
-32 | File | `announce.php` | Medium
-33 | File | `api.php` | Low
-34 | File | `api/?api=add_server` | High
-35 | File | `app.py` | Low
-36 | File | `app/api/songs.py` | High
-37 | File | `app/business/impl/ReviewServiceImpl.java` | High
-38 | File | `app/controllers/code_caller_controller.php` | High
-39 | File | `app/controllers/curupira/passwords_controller.rb` | High
-40 | File | `app/controllers/geopoll_controller.rb` | High
-41 | File | `app/controllers/image_controller.rb` | High
-42 | File | `app/controllers/oauth.js` | High
-43 | File | `app/filters.php` | High
-44 | File | `application/controllers/timedtext.php` | High
-45 | File | `application/libraries/LanguageTask.php` | High
-46 | ... | ... | ...
+1 | File | `/+CSCOE+/logon.html` | High
+2 | File | `/admin.php/accessory/filesdel.html` | High
+3 | File | `/admin/` | Low
+4 | File | `/admin/ajax.php` | High
+5 | File | `/admin/content/index` | High
+6 | File | `/admin/delete_user.php` | High
+7 | File | `/admin/doctors.php` | High
+8 | File | `/admin/edit-doc.php` | High
+9 | File | `/admin/getallarticleinfo` | High
+10 | File | `/admin/index3.php` | High
+11 | File | `/admin/login.php` | High
+12 | File | `/admin/patient.php` | High
+13 | File | `/admin/robot/approval/list` | High
+14 | File | `/admin_system/api.php` | High
+15 | File | `/alphaware/summary.php` | High
+16 | File | `/api/admin/system/store/order/list` | High
+17 | File | `/APR/login.php` | High
+18 | File | `/APR/signup.php` | High
+19 | File | `/cgi-bin/mft/wireless_mft` | High
+20 | File | `/cgi-bin/wapopen` | High
+21 | File | `/edoc/doctor/patient.php` | High
+22 | File | `/file_manager/login.php` | High
+23 | File | `/forum/away.php` | High
+24 | File | `/fos/admin/ajax.php?action=save_settings` | High
+25 | File | `/ghost/preview` | High
+26 | File | `/mims/login.php` | High
+27 | File | `/Moosikay/order.php` | High
+28 | File | `/param.file.tgz` | High
+29 | File | `/philosophy/admin/login.php` | High
+30 | File | `/philosophy/admin/user/controller.php?action=add` | High
+31 | File | `/php-scrm/login.php` | High
+32 | File | `/plugins/playbooks/api/v0/playbooks/[playbookID` | High
+33 | File | `/plugins/playbooks/api/v0/runs` | High
+34 | File | `/public/launchNewWindow.jsp` | High
+35 | File | `/reservation/add_message.php` | High
+36 | File | `/reviewer_0/admins/assessments/pretest/questions-view.php` | High
+37 | File | `/textpattern/index.php` | High
+38 | File | `/tmp` | Low
+39 | File | `account/signup.php` | High
+40 | File | `activenews_view.asp` | High
+41 | File | `ad-blocking-detector.php` | High
+42 | File | `addentry.php` | Medium
+43 | File | `addmem.php` | Medium
+44 | File | `addons/Commons/src/tts-utils.js` | High
+45 | File | `addons/Text_Selection/src/presenter.js` | High
+46 | File | `admin-ajax.php` | High
+47 | File | `admin.php` | Medium
+48 | File | `admin/?page=admin` | High
+49 | File | `admin/?page=students/view_student` | High
+50 | ... | ... | ...
 
-There are 394 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 432 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 
 The following list contains _external sources_ which discuss the actor and the associated activities:
 
 * https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_bg.netset
+* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_bg.netset
 
 ## Literature
 

actors/Bumblebee/README.md

@@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 
 * [VN](https://vuldb.com/?country.vn)
 * [US](https://vuldb.com/?country.us)
-* [NL](https://vuldb.com/?country.nl)
+* [CN](https://vuldb.com/?country.cn)
 * ...
 
-There are 10 more country items available. Please use our online service to access the data.
+There are 9 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -148,13 +148,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1006 | CWE-21, CWE-22, CWE-425 | Pathname Traversal | High
-2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
+2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
-4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
+4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 6 | ... | ... | ... | ...
 
-There are 18 more TTP items available. Please use our online service to access the data.
+There are 19 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -163,38 +163,44 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/.env` | Low
-2 | File | `/appliance/users?action=edit` | High
-3 | File | `/backup.pl` | Medium
-4 | File | `/blogengine/api/posts` | High
-5 | File | `/cgi-bin/wlogin.cgi` | High
-6 | File | `/forum/away.php` | High
-7 | File | `/login/index.php` | High
-8 | File | `/Moosikay/order.php` | High
-9 | File | `/out.php` | Medium
-10 | File | `/php-scrm/login.php` | High
-11 | File | `/products/view_product.php` | High
-12 | File | `/public/login.htm` | High
-13 | File | `/secure/QueryComponent!Default.jspa` | High
-14 | File | `/shell` | Low
-15 | File | `/spip.php` | Medium
-16 | File | `/tmp/boa-temp` | High
-17 | File | `/usr/bin/tddp` | High
-18 | File | `/wp-admin/admin-ajax.php` | High
-19 | File | `/wp-admin/options.php` | High
-20 | File | `/wp-json/wc/v3/webhooks` | High
-21 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
-22 | File | `action.php` | Medium
-23 | File | `adclick.php` | Medium
-24 | File | `admin/admin.php?action=users&mode=info&user=2` | High
-25 | File | `admin/disapprove_user.php` | High
-26 | File | `admin/import/class-import-settings.php` | High
-27 | File | `admin/manage_user.php` | High
-28 | File | `admin/page-login.php` | High
-29 | File | `adminer.php` | Medium
-30 | File | `AndroidManifest.xml` | High
-31 | ... | ... | ...
+2 | File | `//` | Low
+3 | File | `/?ajax-request=jnews` | High
+4 | File | `/admin` | Low
+5 | File | `/admin/patient.php` | High
+6 | File | `/api/jmeter/download/files` | High
+7 | File | `/api/upload` | Medium
+8 | File | `/api/v1/attack/falco` | High
+9 | File | `/APR/login.php` | High
+10 | File | `/as/authorization.oauth2` | High
+11 | File | `/backup.pl` | Medium
+12 | File | `/cgi-bin/luci/api/auth` | High
+13 | File | `/cgi-bin/supervisor/PwdGrp.cgi` | High
+14 | File | `/cgi-bin/wlogin.cgi` | High
+15 | File | `/churchcrm/EventAttendance.php` | High
+16 | File | `/DXR.axd` | Medium
+17 | File | `/edoc/doctor/patient.php` | High
+18 | File | `/filemanager/php/connector.php` | High
+19 | File | `/files/import` | High
+20 | File | `/forum/away.php` | High
+21 | File | `/j_security_check` | High
+22 | File | `/librarian/bookdetails.php` | High
+23 | File | `/mhds/clinic/view_details.php` | High
+24 | File | `/modules/projects/vw_files.php` | High
+25 | File | `/Moosikay/order.php` | High
+26 | File | `/out.php` | Medium
+27 | File | `/php-scrm/login.php` | High
+28 | File | `/reservation/add_message.php` | High
+29 | File | `/reviewer_0/admins/assessments/pretest/questions-view.php` | High
+30 | File | `/rukovoditel/index.php?module=users/login` | High
+31 | File | `/static/ueditor/php/controller.php` | High
+32 | File | `/tmp/boa-temp` | High
+33 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
+34 | File | `/wp-admin/admin-ajax.php` | High
+35 | File | `/wp-admin/options.php` | High
+36 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
+37 | ... | ... | ...
 
-There are 268 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 320 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Bunitu/README.md

@@ -91,7 +91,7 @@ ID | Type | Indicator | Confidence
 36 | File | `arq_updater` | Medium
 37 | ... | ... | ...
 
-There are 314 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 315 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Burkina Faso Unknown/README.md

@@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [ES](https://vuldb.com/?country.es)
 * ...
 
-There are 15 more country items available. Please use our online service to access the data.
+There are 16 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -61,39 +61,40 @@ ID | Type | Indicator | Confidence
 2 | File | `/acms/admin/cargo_types/manage_cargo_type.php` | High
 3 | File | `/admin/ajax/avatar.php` | High
 4 | File | `/admin/index.php` | High
-5 | File | `/admin/payment.php` | High
-6 | File | `/admin/show.php` | High
-7 | File | `/default.php?idx=17` | High
-8 | File | `/download` | Medium
-9 | File | `/forum/away.php` | High
-10 | File | `/index.php` | Medium
-11 | File | `/nova/bin/traceroute` | High
-12 | File | `/opt/bin/cli` | Medium
-13 | File | `/p` | Low
-14 | File | `/patient/doctors.php` | High
-15 | File | `/phpinventory/editcategory.php` | High
-16 | File | `/product-list.php` | High
-17 | File | `/spip.php` | Medium
-18 | File | `/uncpath/` | Medium
-19 | File | `/updown/upload.cgi` | High
-20 | File | `/user/del.php` | High
-21 | File | `/_next` | Low
-22 | File | `123flashchat.php` | High
-23 | File | `act.php` | Low
-24 | File | `admin/bad.php` | High
-25 | File | `admin/index.php` | High
-26 | File | `admin/index.php/user/del/1` | High
-27 | File | `admin/index.php?id=themes&action=edit_chunk` | High
-28 | File | `administrator/index.php` | High
-29 | File | `ajax/render/widget_php` | High
-30 | File | `album_portal.php` | High
-31 | File | `api.php` | Low
-32 | File | `application/home/controller/debug.php` | High
-33 | File | `articulo.php` | Medium
-34 | File | `author.control.php` | High
-35 | ... | ... | ...
+5 | File | `/admin/lab.php` | High
+6 | File | `/admin/payment.php` | High
+7 | File | `/admin/show.php` | High
+8 | File | `/default.php?idx=17` | High
+9 | File | `/download` | Medium
+10 | File | `/forum/away.php` | High
+11 | File | `/index.php` | Medium
+12 | File | `/nova/bin/traceroute` | High
+13 | File | `/opt/bin/cli` | Medium
+14 | File | `/p` | Low
+15 | File | `/patient/doctors.php` | High
+16 | File | `/phpinventory/editcategory.php` | High
+17 | File | `/product-list.php` | High
+18 | File | `/spip.php` | Medium
+19 | File | `/uncpath/` | Medium
+20 | File | `/updown/upload.cgi` | High
+21 | File | `/user/del.php` | High
+22 | File | `/_next` | Low
+23 | File | `123flashchat.php` | High
+24 | File | `act.php` | Low
+25 | File | `admin/bad.php` | High
+26 | File | `admin/index.php` | High
+27 | File | `admin/index.php/user/del/1` | High
+28 | File | `admin/index.php?id=themes&action=edit_chunk` | High
+29 | File | `administrator/index.php` | High
+30 | File | `ajax/render/widget_php` | High
+31 | File | `album_portal.php` | High
+32 | File | `api.php` | Low
+33 | File | `application/home/controller/debug.php` | High
+34 | File | `articulo.php` | Medium
+35 | File | `author.control.php` | High
+36 | ... | ... | ...
 
-There are 300 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 307 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Burundi Unknown/README.md

@@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [FR](https://vuldb.com/?country.fr)
 * ...
 
-There are 14 more country items available. Please use our online service to access the data.
+There are 15 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -21,15 +21,15 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
 
 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
-1 | [5.62.60.60](https://vuldb.com/?ip.5.62.60.60) | r-60-60-62-5.consumer-pool.prcdn.net | - | High
-2 | [5.62.62.60](https://vuldb.com/?ip.5.62.62.60) | r-60-62-62-5.consumer-pool.prcdn.net | - | High
-3 | [41.79.44.0](https://vuldb.com/?ip.41.79.44.0) | - | - | High
-4 | [41.79.224.0](https://vuldb.com/?ip.41.79.224.0) | - | - | High
-5 | [45.12.70.24](https://vuldb.com/?ip.45.12.70.24) | libres-shmit.get-eye.com | - | High
-6 | [45.12.71.24](https://vuldb.com/?ip.45.12.71.24) | - | - | High
+1 | [2.18.11.0](https://vuldb.com/?ip.2.18.11.0) | a2-18-11-0.deploy.static.akamaitechnologies.com | - | High
+2 | [5.62.60.60](https://vuldb.com/?ip.5.62.60.60) | r-60-60-62-5.consumer-pool.prcdn.net | - | High
+3 | [5.62.62.60](https://vuldb.com/?ip.5.62.62.60) | r-60-62-62-5.consumer-pool.prcdn.net | - | High
+4 | [41.79.44.0](https://vuldb.com/?ip.41.79.44.0) | - | - | High
+5 | [41.79.224.0](https://vuldb.com/?ip.41.79.224.0) | - | - | High
+6 | [41.207.112.0](https://vuldb.com/?ip.41.207.112.0) | - | - | High
 7 | ... | ... | ... | ...
 
-There are 22 more IOC items available. Please use our online service to access the data.
+There are 26 more IOC items available. Please use our online service to access the data.
 
 ## TTP - Tactics, Techniques, Procedures
 
@@ -54,43 +54,45 @@ ID | Type | Indicator | Confidence
 2 | File | `/acms/admin/cargo_types/manage_cargo_type.php` | High
 3 | File | `/admin/ajax/avatar.php` | High
 4 | File | `/admin/index.php` | High
-5 | File | `/admin/payment.php` | High
-6 | File | `/admin/show.php` | High
-7 | File | `/default.php?idx=17` | High
-8 | File | `/download` | Medium
-9 | File | `/forum/away.php` | High
-10 | File | `/index.php` | Medium
-11 | File | `/opt/bin/cli` | Medium
-12 | File | `/p` | Low
-13 | File | `/patient/doctors.php` | High
-14 | File | `/phpinventory/editcategory.php` | High
-15 | File | `/product-list.php` | High
-16 | File | `/spip.php` | Medium
-17 | File | `/uncpath/` | Medium
-18 | File | `/updown/upload.cgi` | High
-19 | File | `/user/del.php` | High
-20 | File | `/_next` | Low
-21 | File | `123flashchat.php` | High
-22 | File | `act.php` | Low
-23 | File | `admin/bad.php` | High
-24 | File | `admin/conf_users_edit.php` | High
-25 | File | `admin/dashboard.php` | High
-26 | File | `admin/index.php` | High
-27 | File | `admin/index.php/user/del/1` | High
-28 | File | `admin/index.php?id=themes&action=edit_chunk` | High
-29 | File | `administrator/index.php` | High
-30 | File | `ajax/render/widget_php` | High
-31 | File | `album_portal.php` | High
-32 | File | `api.php` | Low
-33 | ... | ... | ...
+5 | File | `/admin/lab.php` | High
+6 | File | `/admin/payment.php` | High
+7 | File | `/admin/show.php` | High
+8 | File | `/default.php?idx=17` | High
+9 | File | `/download` | Medium
+10 | File | `/forum/away.php` | High
+11 | File | `/index.php` | Medium
+12 | File | `/opt/bin/cli` | Medium
+13 | File | `/p` | Low
+14 | File | `/patient/doctors.php` | High
+15 | File | `/phpinventory/editcategory.php` | High
+16 | File | `/product-list.php` | High
+17 | File | `/spip.php` | Medium
+18 | File | `/uncpath/` | Medium
+19 | File | `/updown/upload.cgi` | High
+20 | File | `/user/del.php` | High
+21 | File | `/_next` | Low
+22 | File | `123flashchat.php` | High
+23 | File | `act.php` | Low
+24 | File | `admin/bad.php` | High
+25 | File | `admin/conf_users_edit.php` | High
+26 | File | `admin/dashboard.php` | High
+27 | File | `admin/index.php` | High
+28 | File | `admin/index.php/user/del/1` | High
+29 | File | `admin/index.php?id=themes&action=edit_chunk` | High
+30 | File | `administrator/index.php` | High
+31 | File | `ajax/render/widget_php` | High
+32 | File | `album_portal.php` | High
+33 | File | `api.php` | Low
+34 | ... | ... | ...
 
-There are 285 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 295 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 
 The following list contains _external sources_ which discuss the actor and the associated activities:
 
 * https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_bi.netset
+* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_bi.netset
 
 ## Literature
 

actors/Butterfly/README.md

@@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [DE](https://vuldb.com/?country.de)
 * ...
 
-There are 13 more country items available. Please use our online service to access the data.
+There are 14 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 

actors/Cabo Verde Unknown/README.md

@@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 
 * [US](https://vuldb.com/?country.us)
 * [ES](https://vuldb.com/?country.es)
-* [PT](https://vuldb.com/?country.pt)
+* [FR](https://vuldb.com/?country.fr)
 * ...
 
-There are 16 more country items available. Please use our online service to access the data.
+There are 17 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -25,9 +25,10 @@ ID | IP address | Hostname | Campaign | Confidence
 2 | [5.62.62.72](https://vuldb.com/?ip.5.62.62.72) | r-72-62-62-5.consumer-pool.prcdn.net | - | High
 3 | [41.74.128.0](https://vuldb.com/?ip.41.74.128.0) | - | - | High
 4 | [41.79.124.0](https://vuldb.com/?ip.41.79.124.0) | - | - | High
-5 | ... | ... | ... | ...
+5 | [41.215.208.0](https://vuldb.com/?ip.41.215.208.0) | - | - | High
+6 | ... | ... | ... | ...
 
-There are 17 more IOC items available. Please use our online service to access the data.
+There are 21 more IOC items available. Please use our online service to access the data.
 
 ## TTP - Tactics, Techniques, Procedures
 
@@ -54,46 +55,49 @@ ID | Type | Indicator | Confidence
 3 | File | `/acms/admin/cargo_types/manage_cargo_type.php` | High
 4 | File | `/admin/ajax/avatar.php` | High
 5 | File | `/admin/index.php` | High
-6 | File | `/admin/payment.php` | High
-7 | File | `/admin/show.php` | High
-8 | File | `/api/json/admin/getmailserversettings` | High
-9 | File | `/default.php?idx=17` | High
-10 | File | `/download` | Medium
-11 | File | `/forum/away.php` | High
-12 | File | `/home.php` | Medium
-13 | File | `/index.php` | Medium
-14 | File | `/opt/bin/cli` | Medium
-15 | File | `/p` | Low
-16 | File | `/patient/doctors.php` | High
-17 | File | `/phpinventory/editcategory.php` | High
-18 | File | `/product-list.php` | High
-19 | File | `/rest/api/2/user/picker` | High
-20 | File | `/RestAPI` | Medium
-21 | File | `/spip.php` | Medium
-22 | File | `/uncpath/` | Medium
-23 | File | `/updown/upload.cgi` | High
-24 | File | `/user/del.php` | High
-25 | File | `/_next` | Low
-26 | File | `123flashchat.php` | High
-27 | File | `act.php` | Low
-28 | File | `admin.php` | Medium
-29 | File | `admin/bad.php` | High
-30 | File | `admin/index.php` | High
-31 | File | `admin/index.php/user/del/1` | High
-32 | File | `admin/index.php?id=themes&action=edit_chunk` | High
-33 | File | `administrator/index.php` | High
-34 | File | `affich.php` | Medium
-35 | File | `ajax/render/widget_php` | High
-36 | File | `album_portal.php` | High
-37 | ... | ... | ...
+6 | File | `/admin/lab.php` | High
+7 | File | `/admin/payment.php` | High
+8 | File | `/admin/show.php` | High
+9 | File | `/api/json/admin/getmailserversettings` | High
+10 | File | `/default.php?idx=17` | High
+11 | File | `/download` | Medium
+12 | File | `/forum/away.php` | High
+13 | File | `/home.php` | Medium
+14 | File | `/index.php` | Medium
+15 | File | `/opt/bin/cli` | Medium
+16 | File | `/p` | Low
+17 | File | `/patient/doctors.php` | High
+18 | File | `/phpinventory/editcategory.php` | High
+19 | File | `/product-list.php` | High
+20 | File | `/rest/api/2/user/picker` | High
+21 | File | `/RestAPI` | Medium
+22 | File | `/spip.php` | Medium
+23 | File | `/uncpath/` | Medium
+24 | File | `/updown/upload.cgi` | High
+25 | File | `/user/del.php` | High
+26 | File | `/_next` | Low
+27 | File | `123flashchat.php` | High
+28 | File | `act.php` | Low
+29 | File | `admin.php` | Medium
+30 | File | `admin/bad.php` | High
+31 | File | `admin/index.php` | High
+32 | File | `admin/index.php/user/del/1` | High
+33 | File | `admin/index.php?id=themes&action=edit_chunk` | High
+34 | File | `administrator/index.php` | High
+35 | File | `affich.php` | Medium
+36 | File | `ajax/render/widget_php` | High
+37 | File | `album_portal.php` | High
+38 | File | `api.php` | Low
+39 | ... | ... | ...
 
-There are 321 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 333 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 
 The following list contains _external sources_ which discuss the actor and the associated activities:
 
 * https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_cv.netset
+* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_cv.netset
 
 ## Literature
 

actors/Cambodia Unknown/README.md

@@ -9,8 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Cambodia Unknown:
 
 * [KH](https://vuldb.com/?country.kh)
+* [RU](https://vuldb.com/?country.ru)
 * [US](https://vuldb.com/?country.us)
-* [ID](https://vuldb.com/?country.id)
+* ...
+
+There are 3 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -24,63 +27,75 @@ ID | IP address | Hostname | Campaign | Confidence
 4 | [5.62.62.64](https://vuldb.com/?ip.5.62.62.64) | r-64-62-62-5.consumer-pool.prcdn.net | - | High
 5 | [27.34.178.0](https://vuldb.com/?ip.27.34.178.0) | - | - | High
 6 | [27.34.178.64](https://vuldb.com/?ip.27.34.178.64) | - | - | High
-7 | [27.34.186.0](https://vuldb.com/?ip.27.34.186.0) | - | - | High
-8 | [27.34.186.2](https://vuldb.com/?ip.27.34.186.2) | - | - | High
-9 | [27.34.187.0](https://vuldb.com/?ip.27.34.187.0) | - | - | High
-10 | [27.34.187.32](https://vuldb.com/?ip.27.34.187.32) | - | - | High
-11 | [27.96.84.0](https://vuldb.com/?ip.27.96.84.0) | - | - | High
-12 | [27.109.112.0](https://vuldb.com/?ip.27.109.112.0) | - | - | High
-13 | [27.111.8.0](https://vuldb.com/?ip.27.111.8.0) | - | - | High
-14 | [27.116.60.0](https://vuldb.com/?ip.27.116.60.0) | - | - | High
-15 | [27.124.33.0](https://vuldb.com/?ip.27.124.33.0) | - | - | High
-16 | [27.124.34.0](https://vuldb.com/?ip.27.124.34.0) | - | - | High
-17 | [27.124.36.0](https://vuldb.com/?ip.27.124.36.0) | - | - | High
-18 | [27.124.40.0](https://vuldb.com/?ip.27.124.40.0) | - | - | High
-19 | [34.98.224.0](https://vuldb.com/?ip.34.98.224.0) | 0.224.98.34.bc.googleusercontent.com | - | Medium
-20 | [34.98.240.0](https://vuldb.com/?ip.34.98.240.0) | 0.240.98.34.bc.googleusercontent.com | - | Medium
-21 | [34.103.0.0](https://vuldb.com/?ip.34.103.0.0) | 0.0.103.34.bc.googleusercontent.com | - | Medium
-22 | [36.37.128.0](https://vuldb.com/?ip.36.37.128.0) | metfone.com.kh | - | High
-23 | [36.255.144.0](https://vuldb.com/?ip.36.255.144.0) | - | - | High
-24 | [42.115.0.0](https://vuldb.com/?ip.42.115.0.0) | - | - | High
-25 | [43.226.12.0](https://vuldb.com/?ip.43.226.12.0) | - | - | High
-26 | [43.230.60.0](https://vuldb.com/?ip.43.230.60.0) | - | - | High
-27 | [43.230.192.0](https://vuldb.com/?ip.43.230.192.0) | - | - | High
-28 | [43.231.64.0](https://vuldb.com/?ip.43.231.64.0) | - | - | High
-29 | [43.245.32.0](https://vuldb.com/?ip.43.245.32.0) | - | - | High
-30 | [43.245.200.0](https://vuldb.com/?ip.43.245.200.0) | - | - | High
-31 | [43.245.216.0](https://vuldb.com/?ip.43.245.216.0) | - | - | High
-32 | [43.252.16.0](https://vuldb.com/?ip.43.252.16.0) | - | - | High
-33 | [43.252.80.0](https://vuldb.com/?ip.43.252.80.0) | - | - | High
-34 | [43.255.112.0](https://vuldb.com/?ip.43.255.112.0) | - | - | High
-35 | [45.12.70.118](https://vuldb.com/?ip.45.12.70.118) | device-despite.yourbandinc.com | - | High
-36 | [45.12.71.118](https://vuldb.com/?ip.45.12.71.118) | - | - | High
-37 | [45.59.146.0](https://vuldb.com/?ip.45.59.146.0) | - | - | High
-38 | [45.64.124.0](https://vuldb.com/?ip.45.64.124.0) | - | - | High
-39 | [45.112.44.0](https://vuldb.com/?ip.45.112.44.0) | - | - | High
-40 | [45.114.160.0](https://vuldb.com/?ip.45.114.160.0) | - | - | High
-41 | [45.115.80.0](https://vuldb.com/?ip.45.115.80.0) | - | - | High
-42 | [45.115.180.0](https://vuldb.com/?ip.45.115.180.0) | - | - | High
-43 | [45.115.208.0](https://vuldb.com/?ip.45.115.208.0) | - | - | High
-44 | [45.118.76.0](https://vuldb.com/?ip.45.118.76.0) | - | - | High
-45 | [45.121.236.0](https://vuldb.com/?ip.45.121.236.0) | akctv.com | - | High
-46 | [45.127.152.0](https://vuldb.com/?ip.45.127.152.0) | - | - | High
-47 | [45.250.236.0](https://vuldb.com/?ip.45.250.236.0) | - | - | High
-48 | [46.244.29.64](https://vuldb.com/?ip.46.244.29.64) | - | - | High
-49 | [49.156.0.0](https://vuldb.com/?ip.49.156.0.0) | - | - | High
-50 | [49.156.32.0](https://vuldb.com/?ip.49.156.32.0) | - | - | High
-51 | [64.64.121.64](https://vuldb.com/?ip.64.64.121.64) | - | - | High
-52 | [66.102.33.0](https://vuldb.com/?ip.66.102.33.0) | - | - | High
-53 | [81.161.239.0](https://vuldb.com/?ip.81.161.239.0) | - | - | High
-54 | [83.172.62.0](https://vuldb.com/?ip.83.172.62.0) | - | - | High
-55 | [85.209.176.0](https://vuldb.com/?ip.85.209.176.0) | - | - | High
-56 | [87.247.160.0](https://vuldb.com/?ip.87.247.160.0) | - | - | High
-57 | [96.9.64.0](https://vuldb.com/?ip.96.9.64.0) | - | - | High
-58 | [102.129.232.0](https://vuldb.com/?ip.102.129.232.0) | - | - | High
-59 | [103.5.124.0](https://vuldb.com/?ip.103.5.124.0) | - | - | High
-60 | [103.5.230.0](https://vuldb.com/?ip.103.5.230.0) | - | - | High
-61 | ... | ... | ... | ...
+7 | [27.34.183.0](https://vuldb.com/?ip.27.34.183.0) | - | - | High
+8 | [27.34.186.0](https://vuldb.com/?ip.27.34.186.0) | - | - | High
+9 | [27.34.186.2](https://vuldb.com/?ip.27.34.186.2) | - | - | High
+10 | [27.34.187.0](https://vuldb.com/?ip.27.34.187.0) | - | - | High
+11 | [27.34.187.32](https://vuldb.com/?ip.27.34.187.32) | - | - | High
+12 | [27.34.189.0](https://vuldb.com/?ip.27.34.189.0) | - | - | High
+13 | [27.96.84.0](https://vuldb.com/?ip.27.96.84.0) | - | - | High
+14 | [27.109.112.0](https://vuldb.com/?ip.27.109.112.0) | - | - | High
+15 | [27.111.8.0](https://vuldb.com/?ip.27.111.8.0) | - | - | High
+16 | [27.116.60.0](https://vuldb.com/?ip.27.116.60.0) | - | - | High
+17 | [27.124.33.0](https://vuldb.com/?ip.27.124.33.0) | - | - | High
+18 | [27.124.34.0](https://vuldb.com/?ip.27.124.34.0) | - | - | High
+19 | [27.124.36.0](https://vuldb.com/?ip.27.124.36.0) | - | - | High
+20 | [27.124.40.0](https://vuldb.com/?ip.27.124.40.0) | - | - | High
+21 | [34.98.224.0](https://vuldb.com/?ip.34.98.224.0) | 0.224.98.34.bc.googleusercontent.com | - | Medium
+22 | [34.98.240.0](https://vuldb.com/?ip.34.98.240.0) | 0.240.98.34.bc.googleusercontent.com | - | Medium
+23 | [34.103.0.0](https://vuldb.com/?ip.34.103.0.0) | 0.0.103.34.bc.googleusercontent.com | - | Medium
+24 | [36.37.128.0](https://vuldb.com/?ip.36.37.128.0) | metfone.com.kh | - | High
+25 | [36.255.144.0](https://vuldb.com/?ip.36.255.144.0) | - | - | High
+26 | [42.115.0.0](https://vuldb.com/?ip.42.115.0.0) | - | - | High
+27 | [43.129.36.175](https://vuldb.com/?ip.43.129.36.175) | - | - | High
+28 | [43.129.41.169](https://vuldb.com/?ip.43.129.41.169) | - | - | High
+29 | [43.226.12.0](https://vuldb.com/?ip.43.226.12.0) | - | - | High
+30 | [43.230.60.0](https://vuldb.com/?ip.43.230.60.0) | - | - | High
+31 | [43.230.192.0](https://vuldb.com/?ip.43.230.192.0) | - | - | High
+32 | [43.231.64.0](https://vuldb.com/?ip.43.231.64.0) | - | - | High
+33 | [43.231.220.0](https://vuldb.com/?ip.43.231.220.0) | iZxeQl5zBqI.IC849Y21.ayApslN-TlHo.iNFO | - | High
+34 | [43.245.32.0](https://vuldb.com/?ip.43.245.32.0) | - | - | High
+35 | [43.245.200.0](https://vuldb.com/?ip.43.245.200.0) | - | - | High
+36 | [43.245.216.0](https://vuldb.com/?ip.43.245.216.0) | - | - | High
+37 | [43.250.228.0](https://vuldb.com/?ip.43.250.228.0) | - | - | High
+38 | [43.252.16.0](https://vuldb.com/?ip.43.252.16.0) | - | - | High
+39 | [43.252.80.0](https://vuldb.com/?ip.43.252.80.0) | - | - | High
+40 | [43.255.112.0](https://vuldb.com/?ip.43.255.112.0) | - | - | High
+41 | [45.12.70.118](https://vuldb.com/?ip.45.12.70.118) | device-despite.yourbandinc.com | - | High
+42 | [45.12.71.118](https://vuldb.com/?ip.45.12.71.118) | - | - | High
+43 | [45.59.146.0](https://vuldb.com/?ip.45.59.146.0) | - | - | High
+44 | [45.64.124.0](https://vuldb.com/?ip.45.64.124.0) | - | - | High
+45 | [45.112.44.0](https://vuldb.com/?ip.45.112.44.0) | - | - | High
+46 | [45.114.160.0](https://vuldb.com/?ip.45.114.160.0) | - | - | High
+47 | [45.115.80.0](https://vuldb.com/?ip.45.115.80.0) | - | - | High
+48 | [45.115.180.0](https://vuldb.com/?ip.45.115.180.0) | - | - | High
+49 | [45.115.208.0](https://vuldb.com/?ip.45.115.208.0) | - | - | High
+50 | [45.118.76.0](https://vuldb.com/?ip.45.118.76.0) | - | - | High
+51 | [45.121.236.0](https://vuldb.com/?ip.45.121.236.0) | akctv.com | - | High
+52 | [45.127.152.0](https://vuldb.com/?ip.45.127.152.0) | - | - | High
+53 | [45.201.128.0](https://vuldb.com/?ip.45.201.128.0) | - | - | High
+54 | [45.201.192.0](https://vuldb.com/?ip.45.201.192.0) | - | - | High
+55 | [45.201.208.0](https://vuldb.com/?ip.45.201.208.0) | - | - | High
+56 | [45.201.212.0](https://vuldb.com/?ip.45.201.212.0) | - | - | High
+57 | [45.250.236.0](https://vuldb.com/?ip.45.250.236.0) | - | - | High
+58 | [46.244.29.64](https://vuldb.com/?ip.46.244.29.64) | - | - | High
+59 | [49.156.0.0](https://vuldb.com/?ip.49.156.0.0) | - | - | High
+60 | [49.156.32.0](https://vuldb.com/?ip.49.156.32.0) | - | - | High
+61 | [57.72.80.0](https://vuldb.com/?ip.57.72.80.0) | - | - | High
+62 | [57.92.80.0](https://vuldb.com/?ip.57.92.80.0) | - | - | High
+63 | [58.97.192.0](https://vuldb.com/?ip.58.97.192.0) | - | - | High
+64 | [58.97.224.0](https://vuldb.com/?ip.58.97.224.0) | - | - | High
+65 | [64.64.121.64](https://vuldb.com/?ip.64.64.121.64) | - | - | High
+66 | [66.102.33.0](https://vuldb.com/?ip.66.102.33.0) | - | - | High
+67 | [81.161.239.0](https://vuldb.com/?ip.81.161.239.0) | - | - | High
+68 | [83.172.62.0](https://vuldb.com/?ip.83.172.62.0) | - | - | High
+69 | [85.209.176.0](https://vuldb.com/?ip.85.209.176.0) | - | - | High
+70 | [87.247.160.0](https://vuldb.com/?ip.87.247.160.0) | - | - | High
+71 | [93.114.14.0](https://vuldb.com/?ip.93.114.14.0) | - | - | High
+72 | [96.9.64.0](https://vuldb.com/?ip.96.9.64.0) | - | - | High
+73 | ... | ... | ... | ...
 
-There are 241 more IOC items available. Please use our online service to access the data.
+There are 288 more IOC items available. Please use our online service to access the data.
 
 ## TTP - Tactics, Techniques, Procedures
 
@@ -89,11 +104,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1006 | CWE-22 | Pathname Traversal | High
-2 | T1059 | CWE-94 | Cross Site Scripting | High
-3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+2 | T1055 | CWE-74 | Injection | High
+3 | T1059 | CWE-94 | Cross Site Scripting | High
 4 | ... | ... | ... | ...
 
-There are 9 more TTP items available. Please use our online service to access the data.
+There are 10 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -102,25 +117,29 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/admin/AddNewCity/Add_City` | High
-2 | File | `/food/admin/all_users.php` | High
-3 | File | `/forum/away.php` | High
-4 | File | `/mkshop/Men/profile.php` | High
-5 | File | `/modules/profile/index.php` | High
-6 | File | `/nova/bin/console` | High
-7 | File | `/out.php` | Medium
-8 | File | `/spip.php` | Medium
-9 | File | `/uncpath/` | Medium
-10 | File | `adclick.php` | Medium
-11 | File | `addentry.php` | Medium
-12 | ... | ... | ...
+2 | File | `/admin/subnets/ripe-query.php` | High
+3 | File | `/food/admin/all_users.php` | High
+4 | File | `/forum/away.php` | High
+5 | File | `/mkshop/Men/profile.php` | High
+6 | File | `/modules/profile/index.php` | High
+7 | File | `/nova/bin/console` | High
+8 | File | `/out.php` | Medium
+9 | File | `/spip.php` | Medium
+10 | File | `/uncpath/` | Medium
+11 | File | `/usr/bin/pkexec` | High
+12 | File | `adclick.php` | Medium
+13 | File | `addentry.php` | Medium
+14 | ... | ... | ...
 
-There are 89 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 108 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 
 The following list contains _external sources_ which discuss the actor and the associated activities:
 
 * https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_kh.netset
+* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_kh.netset
+* https://go.recordedfuture.com/hubfs/reports/cta-2021-1208.pdf
 
 ## Literature
 

actors/Cameroon Unknown/README.md

@@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [ES](https://vuldb.com/?country.es)
 * ...
 
-There are 16 more country items available. Please use our online service to access the data.
+There are 17 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -21,21 +21,27 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
 
 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
-1 | [5.62.60.68](https://vuldb.com/?ip.5.62.60.68) | r-68-60-62-5.consumer-pool.prcdn.net | - | High
-2 | [5.62.62.68](https://vuldb.com/?ip.5.62.62.68) | r-68-62-62-5.consumer-pool.prcdn.net | - | High
-3 | [41.67.192.0](https://vuldb.com/?ip.41.67.192.0) | - | - | High
-4 | [41.77.80.0](https://vuldb.com/?ip.41.77.80.0) | - | - | High
-5 | [41.77.208.0](https://vuldb.com/?ip.41.77.208.0) | - | - | High
-6 | [41.78.97.10](https://vuldb.com/?ip.41.78.97.10) | - | - | High
-7 | [41.78.204.0](https://vuldb.com/?ip.41.78.204.0) | - | - | High
-8 | [41.79.128.0](https://vuldb.com/?ip.41.79.128.0) | - | - | High
-9 | [41.92.128.0](https://vuldb.com/?ip.41.92.128.0) | - | - | High
-10 | [41.190.224.0](https://vuldb.com/?ip.41.190.224.0) | - | - | High
-11 | [41.191.100.0](https://vuldb.com/?ip.41.191.100.0) | - | - | High
-12 | [41.202.192.0](https://vuldb.com/?ip.41.202.192.0) | - | - | High
-13 | ... | ... | ... | ...
+1 | [2.16.134.0](https://vuldb.com/?ip.2.16.134.0) | a2-16-134-0.deploy.static.akamaitechnologies.com | - | High
+2 | [5.62.60.68](https://vuldb.com/?ip.5.62.60.68) | r-68-60-62-5.consumer-pool.prcdn.net | - | High
+3 | [5.62.62.68](https://vuldb.com/?ip.5.62.62.68) | r-68-62-62-5.consumer-pool.prcdn.net | - | High
+4 | [41.67.192.0](https://vuldb.com/?ip.41.67.192.0) | - | - | High
+5 | [41.67.224.0](https://vuldb.com/?ip.41.67.224.0) | - | - | High
+6 | [41.77.80.0](https://vuldb.com/?ip.41.77.80.0) | - | - | High
+7 | [41.77.208.0](https://vuldb.com/?ip.41.77.208.0) | - | - | High
+8 | [41.78.97.10](https://vuldb.com/?ip.41.78.97.10) | - | - | High
+9 | [41.78.204.0](https://vuldb.com/?ip.41.78.204.0) | - | - | High
+10 | [41.79.128.0](https://vuldb.com/?ip.41.79.128.0) | - | - | High
+11 | [41.92.128.0](https://vuldb.com/?ip.41.92.128.0) | - | - | High
+12 | [41.92.152.0](https://vuldb.com/?ip.41.92.152.0) | host-0-152-92.newtelnet.info | - | High
+13 | [41.92.176.0](https://vuldb.com/?ip.41.92.176.0) | - | - | High
+14 | [41.92.184.0](https://vuldb.com/?ip.41.92.184.0) | host-0-184-92.newtelnet.info | - | High
+15 | [41.92.200.0](https://vuldb.com/?ip.41.92.200.0) | host-0-200-92.newtelnet.info | - | High
+16 | [41.92.208.0](https://vuldb.com/?ip.41.92.208.0) | host-0-208-92.newtelnet.info | - | High
+17 | [41.92.224.0](https://vuldb.com/?ip.41.92.224.0) | host-0-224-92.newtelnet.info | - | High
+18 | [41.92.248.0](https://vuldb.com/?ip.41.92.248.0) | host-0-248-92.newtelnet.info | - | High
+19 | ... | ... | ... | ...
 
-There are 48 more IOC items available. Please use our online service to access the data.
+There are 70 more IOC items available. Please use our online service to access the data.
 
 ## TTP - Tactics, Techniques, Procedures
 
@@ -61,44 +67,46 @@ ID | Type | Indicator | Confidence
 2 | File | `/acms/admin/cargo_types/manage_cargo_type.php` | High
 3 | File | `/admin/ajax/avatar.php` | High
 4 | File | `/admin/index.php` | High
-5 | File | `/admin/payment.php` | High
-6 | File | `/admin/show.php` | High
-7 | File | `/default.php?idx=17` | High
-8 | File | `/download` | Medium
-9 | File | `/etc/shadow` | Medium
-10 | File | `/forum/away.php` | High
-11 | File | `/index.php` | Medium
-12 | File | `/opt/bin/cli` | Medium
-13 | File | `/p` | Low
-14 | File | `/patient/doctors.php` | High
-15 | File | `/phpinventory/editcategory.php` | High
-16 | File | `/product-list.php` | High
-17 | File | `/spip.php` | Medium
-18 | File | `/uncpath/` | Medium
-19 | File | `/updown/upload.cgi` | High
-20 | File | `/user/del.php` | High
-21 | File | `/_next` | Low
-22 | File | `123flashchat.php` | High
-23 | File | `act.php` | Low
-24 | File | `admin.jcomments.php` | High
-25 | File | `admin/bad.php` | High
-26 | File | `admin/index.php` | High
-27 | File | `admin/index.php/user/del/1` | High
-28 | File | `admin/index.php?id=themes&action=edit_chunk` | High
-29 | File | `administrator/index.php` | High
-30 | File | `ajax/render/widget_php` | High
-31 | File | `album_portal.php` | High
-32 | File | `AoWinAgt` | Medium
-33 | File | `api.php` | Low
-34 | ... | ... | ...
+5 | File | `/admin/lab.php` | High
+6 | File | `/admin/payment.php` | High
+7 | File | `/admin/show.php` | High
+8 | File | `/default.php?idx=17` | High
+9 | File | `/download` | Medium
+10 | File | `/etc/shadow` | Medium
+11 | File | `/forum/away.php` | High
+12 | File | `/index.php` | Medium
+13 | File | `/opt/bin/cli` | Medium
+14 | File | `/p` | Low
+15 | File | `/patient/doctors.php` | High
+16 | File | `/phpinventory/editcategory.php` | High
+17 | File | `/product-list.php` | High
+18 | File | `/spip.php` | Medium
+19 | File | `/uncpath/` | Medium
+20 | File | `/updown/upload.cgi` | High
+21 | File | `/user/del.php` | High
+22 | File | `/_next` | Low
+23 | File | `123flashchat.php` | High
+24 | File | `act.php` | Low
+25 | File | `admin.jcomments.php` | High
+26 | File | `admin/bad.php` | High
+27 | File | `admin/index.php` | High
+28 | File | `admin/index.php/user/del/1` | High
+29 | File | `admin/index.php?id=themes&action=edit_chunk` | High
+30 | File | `administrator/index.php` | High
+31 | File | `ajax/render/widget_php` | High
+32 | File | `album_portal.php` | High
+33 | File | `AoWinAgt` | Medium
+34 | File | `api.php` | Low
+35 | ... | ... | ...
 
-There are 288 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 302 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 
 The following list contains _external sources_ which discuss the actor and the associated activities:
 
 * https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_cm.netset
+* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_cm.netset
 
 ## Literature
 

actors/Canada Unknown/README.md

@@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [GB](https://vuldb.com/?country.gb)
 * ...
 
-There are 29 more country items available. Please use our online service to access the data.
+There are 9 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -3210,14 +3210,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22, CWE-28 | Pathname Traversal | High
-2 | T1055 | CWE-74 | Injection | High
-3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
-4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
-6 | ... | ... | ... | ...
+1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | High
+2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | ... | ... | ... | ...
 
-There are 19 more TTP items available. Please use our online service to access the data.
+There are 14 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -3225,52 +3223,40 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `.github/workflows/combine-prs.yml` | High
-2 | File | `/admin/api/admin/articles/` | High
-3 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
-4 | File | `/adms/admin/?page=vehicles/view_transaction` | High
-5 | File | `/api/common/ping` | High
-6 | File | `/api/v2/open/tablesInfo` | High
-7 | File | `/attachments` | Medium
-8 | File | `/bin/httpd` | Medium
-9 | File | `/bsms_ci/index.php/book` | High
-10 | File | `/cgi-bin/webadminget.cgi` | High
-11 | File | `/Default/Bd` | Medium
-12 | File | `/dev/block/mmcblk0rpmb` | High
-13 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
-14 | File | `/etc/hosts` | Medium
-15 | File | `/face-recognition-php/facepay-master/camera.php` | High
-16 | File | `/forum/away.php` | High
-17 | File | `/forum/PostPrivateMessage` | High
-18 | File | `/fos/admin/ajax.php?action=login` | High
-19 | File | `/fos/admin/index.php?page=menu` | High
-20 | File | `/home/masterConsole` | High
-21 | File | `/home/sendBroadcast` | High
-22 | File | `/hrm/controller/employee.php` | High
-23 | File | `/hrm/employeeadd.php` | High
-24 | File | `/hrm/employeeview.php` | High
-25 | File | `/jsoa/hntdCustomDesktopActionContent` | High
-26 | File | `/lookin/info` | Medium
-27 | File | `/medicines/profile.php` | High
-28 | File | `/php-fusion/infusions/shoutbox_panel/shoutbox_archive.php` | High
-29 | File | `/product/savenewproduct.php?flag=1` | High
-30 | File | `/proxy` | Low
-31 | File | `/reports/rwservlet` | High
-32 | File | `/services/Card/findUser` | High
-33 | File | `/spip.php` | Medium
-34 | File | `/tmp` | Low
-35 | File | `/uncpath/` | Medium
-36 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
-37 | File | `/view-property.php` | High
-38 | File | `/wireless/security.asp` | High
-39 | File | `01article.php` | High
-40 | File | `AbstractScheduleJob.java` | High
-41 | File | `action.php` | Medium
-42 | File | `actionphp/download.File.php` | High
-43 | File | `ActivityRecord.java` | High
-44 | ... | ... | ...
+1 | File | `/admin.php/accessory/filesdel.html` | High
+2 | File | `/admin/` | Low
+3 | File | `/admin/?page=user/manage` | High
+4 | File | `/admin/add-new.php` | High
+5 | File | `/admin/doctors.php` | High
+6 | File | `/alphaware/summary.php` | High
+7 | File | `/APR/login.php` | High
+8 | File | `/APR/signup.php` | High
+9 | File | `/boat/login.php` | High
+10 | File | `/cgi-bin/wapopen` | High
+11 | File | `/debug/pprof` | Medium
+12 | File | `/forum/away.php` | High
+13 | File | `/mims/login.php` | High
+14 | File | `/out.php` | Medium
+15 | File | `/php-scrm/login.php` | High
+16 | File | `/public/launchNewWindow.jsp` | High
+17 | File | `/reservation/add_message.php` | High
+18 | File | `/spip.php` | Medium
+19 | File | `/textpattern/index.php` | High
+20 | File | `/tmp` | Low
+21 | File | `/video-sharing-script/watch-video.php` | High
+22 | File | `account-signup.php` | High
+23 | File | `account/signup.php` | High
+24 | File | `AcquisiAction.class.php` | High
+25 | File | `activenews_view.asp` | High
+26 | File | `adclick.php` | Medium
+27 | File | `addentry.php` | Medium
+28 | File | `admin.php` | Medium
+29 | File | `admin/?page=students/view_student` | High
+30 | File | `admin/admin.php?action=users&mode=info&user=2` | High
+31 | File | `admin/admin_editor.php` | High
+32 | ... | ... | ...
 
-There are 382 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 271 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Candiru/README.md

@@ -91,9 +91,10 @@ ID | Type | Indicator | Confidence
 30 | File | `/librarian/lab.php` | High
 31 | File | `/login` | Low
 32 | File | `/mngset/authset` | High
-33 | ... | ... | ...
+33 | File | `/nova/bin/sniffer` | High
+34 | ... | ... | ...
 
-There are 285 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 289 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/CapraRAT/README.md

@@ -0,0 +1,69 @@
+# CapraRAT - Cyber Threat Intelligence
+
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [CapraRAT](https://vuldb.com/?actor.caprarat). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
+
+_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.caprarat](https://vuldb.com/?actor.caprarat)
+
+## Countries
+
+These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with CapraRAT:
+
+* [US](https://vuldb.com/?country.us)
+* [CN](https://vuldb.com/?country.cn)
+* [ID](https://vuldb.com/?country.id)
+
+## IOC - Indicator of Compromise
+
+These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of CapraRAT.
+
+ID | IP address | Hostname | Campaign | Confidence
+-- | ---------- | -------- | -------- | ----------
+1 | [34.102.136.180](https://vuldb.com/?ip.34.102.136.180) | 180.136.102.34.bc.googleusercontent.com | - | Medium
+2 | [66.235.175.91](https://vuldb.com/?ip.66.235.175.91) | - | - | High
+3 | [194.233.70.54](https://vuldb.com/?ip.194.233.70.54) | vmi1131302.contaboserver.net | - | High
+4 | ... | ... | ... | ...
+
+There are 1 more IOC items available. Please use our online service to access the data.
+
+## TTP - Tactics, Techniques, Procedures
+
+_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _CapraRAT_. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Technique | Weakness | Description | Confidence
+-- | --------- | -------- | ----------- | ----------
+1 | T1059.007 | CWE-79 | Cross Site Scripting | High
+2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
+3 | T1202 | CWE-78 | Command Injection | High
+4 | ... | ... | ... | ...
+
+There are 2 more TTP items available. Please use our online service to access the data.
+
+## IOA - Indicator of Attack
+
+These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by CapraRAT. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Type | Indicator | Confidence
+-- | ---- | --------- | ----------
+1 | File | `/edit-db.php` | Medium
+2 | File | `admin/ueditor/uploadFile` | High
+3 | Argument | `href` | Low
+4 | ... | ... | ...
+
+There are 1 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+
+## References
+
+The following list contains _external sources_ which discuss the actor and the associated activities:
+
+* https://www.welivesecurity.com/2023/03/07/love-scam-espionage-transparent-tribe-lures-indian-pakistani-officials/
+
+## Literature
+
+The following _articles_ explain our unique predictive cyber threat intelligence:
+
+* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
+* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
+
+## License
+
+(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

actors/Carbanak/README.md

@@ -104,31 +104,32 @@ ID | Type | Indicator | Confidence
 14 | File | `/login/index.php` | High
 15 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
 16 | File | `/owa/auth/logon.aspx` | High
-17 | File | `/phppath/php` | Medium
-18 | File | `/proc/self/exe` | High
-19 | File | `/public/login.htm` | High
-20 | File | `/server-info` | Medium
-21 | File | `/server-status` | High
-22 | File | `/uncpath/` | Medium
-23 | File | `/user/jobmanage.php` | High
-24 | File | `/user/zs_elite.php` | High
-25 | File | `/usr/bin/enq` | Medium
-26 | File | `/web/jquery/uploader/multi_uploadify.php` | High
-27 | File | `/wp-admin/admin-ajax.php` | High
-28 | File | `/wp-content/plugins/updraftplus/admin.php` | High
-29 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
-30 | File | `/zhndnsdisplay.cmd` | High
-31 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
-32 | File | `about.php` | Medium
-33 | File | `acl.c` | Low
-34 | File | `adclick.php` | Medium
-35 | File | `add_comment.php` | High
-36 | File | `add_vhost.php` | High
-37 | File | `admin.php` | Medium
-38 | File | `admin/conf_users_edit.php` | High
-39 | ... | ... | ...
+17 | File | `/php-sms/classes/SystemSettings.php` | High
+18 | File | `/phppath/php` | Medium
+19 | File | `/proc/self/exe` | High
+20 | File | `/public/login.htm` | High
+21 | File | `/server-info` | Medium
+22 | File | `/server-status` | High
+23 | File | `/shell` | Low
+24 | File | `/uncpath/` | Medium
+25 | File | `/user/jobmanage.php` | High
+26 | File | `/user/zs_elite.php` | High
+27 | File | `/usr/bin/enq` | Medium
+28 | File | `/web/jquery/uploader/multi_uploadify.php` | High
+29 | File | `/wp-admin/admin-ajax.php` | High
+30 | File | `/wp-content/plugins/updraftplus/admin.php` | High
+31 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
+32 | File | `/zhndnsdisplay.cmd` | High
+33 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
+34 | File | `about.php` | Medium
+35 | File | `acl.c` | Low
+36 | File | `adclick.php` | Medium
+37 | File | `add_comment.php` | High
+38 | File | `add_vhost.php` | High
+39 | File | `admin.php` | Medium
+40 | ... | ... | ...
 
-There are 337 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 348 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Cayman Islands Unknown/README.md

@@ -31,9 +31,12 @@ ID | IP address | Hostname | Campaign | Confidence
 8 | [63.136.112.0](https://vuldb.com/?ip.63.136.112.0) | - | - | High
 9 | [63.251.158.0](https://vuldb.com/?ip.63.251.158.0) | - | - | High
 10 | [64.94.58.0](https://vuldb.com/?ip.64.94.58.0) | - | - | High
-11 | ... | ... | ... | ...
+11 | [64.94.61.0](https://vuldb.com/?ip.64.94.61.0) | - | - | High
+12 | [64.94.63.0](https://vuldb.com/?ip.64.94.63.0) | - | - | High
+13 | [64.96.0.0](https://vuldb.com/?ip.64.96.0.0) | - | - | High
+14 | ... | ... | ... | ...
 
-There are 40 more IOC items available. Please use our online service to access the data.
+There are 51 more IOC items available. Please use our online service to access the data.
 
 ## TTP - Tactics, Techniques, Procedures
 
@@ -99,27 +102,28 @@ ID | Type | Indicator | Confidence
 42 | File | `admin/param/param_func.inc.php` | High
 43 | File | `admin/y_admin.asp` | High
 44 | File | `adminer.php` | Medium
-45 | File | `administrator/components/com_media/helpers/media.php` | High
-46 | File | `admin_ok.asp` | Medium
-47 | File | `affich.php` | Medium
-48 | File | `album_portal.php` | High
-49 | File | `al_initialize.php` | High
-50 | File | `app/Core/Paginator.php` | High
-51 | File | `app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1` | High
-52 | File | `artlinks.dispnew.php` | High
-53 | File | `auth.php` | Medium
-54 | File | `bin/named/query.c` | High
-55 | File | `blank.php` | Medium
-56 | File | `blocklayered-ajax.php` | High
+45 | File | `administration/admins.php` | High
+46 | File | `administrator/components/com_media/helpers/media.php` | High
+47 | File | `admin_ok.asp` | Medium
+48 | File | `affich.php` | Medium
+49 | File | `album_portal.php` | High
+50 | File | `al_initialize.php` | High
+51 | File | `app/Core/Paginator.php` | High
+52 | File | `app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1` | High
+53 | File | `artlinks.dispnew.php` | High
+54 | File | `auth.php` | Medium
+55 | File | `bin/named/query.c` | High
+56 | File | `blank.php` | Medium
 57 | ... | ... | ...
 
-There are 498 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 499 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 
 The following list contains _external sources_ which discuss the actor and the associated activities:
 
 * https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_ky.netset
+* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_ky.netset
 
 ## Literature
 

actors/Center-2/README.md

@@ -54,12 +54,12 @@ ID | Type | Indicator | Confidence
 4 | File | `/forum/away.php` | High
 5 | File | `/horde/util/go.php` | High
 6 | File | `/SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_charger.c` | High
-7 | File | `/webapps/Bb-sites-user-profile-BBLEARN/profile.form` | High
-8 | File | `/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php` | High
-9 | File | `action/addproject.php` | High
+7 | File | `/spip.php` | Medium
+8 | File | `/webapps/Bb-sites-user-profile-BBLEARN/profile.form` | High
+9 | File | `/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php` | High
 10 | ... | ... | ...
 
-There are 76 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 79 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Central African Republic Unknown/README.md

@@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [ES](https://vuldb.com/?country.es)
 * ...
 
-There are 14 more country items available. Please use our online service to access the data.
+There are 15 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -25,9 +25,11 @@ ID | IP address | Hostname | Campaign | Confidence
 2 | [5.62.62.76](https://vuldb.com/?ip.5.62.62.76) | r-76-62-62-5.consumer-pool.prcdn.net | - | High
 3 | [41.78.120.0](https://vuldb.com/?ip.41.78.120.0) | - | - | High
 4 | [41.223.184.0](https://vuldb.com/?ip.41.223.184.0) | - | - | High
-5 | ... | ... | ... | ...
+5 | [45.12.70.41](https://vuldb.com/?ip.45.12.70.41) | venture-case.get-eye.com | - | High
+6 | [45.12.71.41](https://vuldb.com/?ip.45.12.71.41) | - | - | High
+7 | ... | ... | ... | ...
 
-There are 17 more IOC items available. Please use our online service to access the data.
+There are 23 more IOC items available. Please use our online service to access the data.
 
 ## TTP - Tactics, Techniques, Procedures
 
@@ -52,43 +54,45 @@ ID | Type | Indicator | Confidence
 2 | File | `/acms/admin/cargo_types/manage_cargo_type.php` | High
 3 | File | `/admin/ajax/avatar.php` | High
 4 | File | `/admin/index.php` | High
-5 | File | `/admin/payment.php` | High
-6 | File | `/admin/show.php` | High
-7 | File | `/default.php?idx=17` | High
-8 | File | `/download` | Medium
-9 | File | `/forum/away.php` | High
-10 | File | `/index.php` | Medium
-11 | File | `/opt/bin/cli` | Medium
-12 | File | `/outgoing.php` | High
-13 | File | `/p` | Low
-14 | File | `/patient/doctors.php` | High
-15 | File | `/phpinventory/editcategory.php` | High
-16 | File | `/product-list.php` | High
-17 | File | `/spip.php` | Medium
-18 | File | `/uncpath/` | Medium
-19 | File | `/updown/upload.cgi` | High
-20 | File | `/user/del.php` | High
-21 | File | `/_next` | Low
-22 | File | `123flashchat.php` | High
-23 | File | `act.php` | Low
-24 | File | `admin/bad.php` | High
-25 | File | `admin/index.php` | High
-26 | File | `admin/index.php/user/del/1` | High
-27 | File | `admin/index.php?id=themes&action=edit_chunk` | High
-28 | File | `administrator/index.php` | High
-29 | File | `ajax/render/widget_php` | High
-30 | File | `album_portal.php` | High
-31 | File | `api.php` | Low
-32 | File | `application/home/controller/debug.php` | High
-33 | ... | ... | ...
+5 | File | `/admin/lab.php` | High
+6 | File | `/admin/payment.php` | High
+7 | File | `/admin/show.php` | High
+8 | File | `/default.php?idx=17` | High
+9 | File | `/download` | Medium
+10 | File | `/forum/away.php` | High
+11 | File | `/index.php` | Medium
+12 | File | `/opt/bin/cli` | Medium
+13 | File | `/outgoing.php` | High
+14 | File | `/p` | Low
+15 | File | `/patient/doctors.php` | High
+16 | File | `/phpinventory/editcategory.php` | High
+17 | File | `/product-list.php` | High
+18 | File | `/spip.php` | Medium
+19 | File | `/uncpath/` | Medium
+20 | File | `/updown/upload.cgi` | High
+21 | File | `/user/del.php` | High
+22 | File | `/_next` | Low
+23 | File | `123flashchat.php` | High
+24 | File | `act.php` | Low
+25 | File | `admin/bad.php` | High
+26 | File | `admin/index.php` | High
+27 | File | `admin/index.php/user/del/1` | High
+28 | File | `admin/index.php?id=themes&action=edit_chunk` | High
+29 | File | `administrator/index.php` | High
+30 | File | `ajax/render/widget_php` | High
+31 | File | `album_portal.php` | High
+32 | File | `api.php` | Low
+33 | File | `application/home/controller/debug.php` | High
+34 | ... | ... | ...
 
-There are 283 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 293 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 
 The following list contains _external sources_ which discuss the actor and the associated activities:
 
 * https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_cf.netset
+* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_cf.netset
 
 ## Literature
 

actors/Cerber/README.md

@@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [CN](https://vuldb.com/?country.cn)
 * ...
 
-There are 5 more country items available. Please use our online service to access the data.
+There are 7 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -112,10 +112,9 @@ ID | Technique | Weakness | Description | Confidence
 2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
 4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
-5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-6 | ... | ... | ... | ...
+5 | ... | ... | ... | ...
 
-There are 19 more TTP items available. Please use our online service to access the data.
+There are 18 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -135,39 +134,40 @@ ID | Type | Indicator | Confidence
 10 | File | `/config/getuser` | High
 11 | File | `/dashboard/contact` | High
 12 | File | `/debug/pprof` | Medium
-13 | File | `/dev/bus` | Medium
+13 | File | `/ecshop/admin/template.php` | High
 14 | File | `/example/editor` | High
-15 | File | `/files/$username/Myfolder/Mysubfolder/shared.txt` | High
-16 | File | `/forum/away.php` | High
+15 | File | `/forum/away.php` | High
+16 | File | `/forum/PostPrivateMessage` | High
 17 | File | `/HNAP1` | Low
-18 | File | `/index` | Low
-19 | File | `/iu-application/controllers/administration/auth.php` | High
-20 | File | `/jerry-core/ecma/operations/ecma-objects.c` | High
+18 | File | `/home/www/cgi-bin/login.cgi` | High
+19 | File | `/index` | Low
+20 | File | `/iu-application/controllers/administration/auth.php` | High
 21 | File | `/Kofax/KFS/ThinClient/document/upload/` | High
 22 | File | `/leave_system/classes/Master.php?f=delete_department` | High
 23 | File | `/module/module_frame/index.php` | High
-24 | File | `/music/ajax.php` | High
-25 | File | `/northstar/Admin/changePassword.jsp` | High
-26 | File | `/obs/book.php` | High
-27 | File | `/orms/` | Low
-28 | File | `/ossn/administrator/com_installer` | High
-29 | File | `/pms/update_user.php?user_id=1` | High
-30 | File | `/sre/params.php` | High
-31 | File | `/tensorflow/core/grappler/optimizers/arithmetic_optimizer.cc` | High
-32 | File | `/tmp` | Low
-33 | File | `/tmp/xbindkeysrc-tmp` | High
-34 | File | `/user/upload/upload` | High
-35 | File | `/Users` | Low
-36 | File | `/var/spool/hylafax` | High
-37 | File | `/vendor` | Low
-38 | File | `/whbs/?page=my_bookings` | High
-39 | File | `access_rules/rules_form` | High
-40 | File | `accountrecoveryendpoint/recoverpassword.do` | High
-41 | File | `action/addproject.php` | High
-42 | File | `adclick.php` | Medium
-43 | ... | ... | ...
+24 | File | `/net-banking/customer_transactions.php` | High
+25 | File | `/obs/book.php` | High
+26 | File | `/ossn/administrator/com_installer` | High
+27 | File | `/pms/update_user.php?user_id=1` | High
+28 | File | `/sre/params.php` | High
+29 | File | `/tensorflow/core/grappler/optimizers/arithmetic_optimizer.cc` | High
+30 | File | `/tmp` | Low
+31 | File | `/tmp/xbindkeysrc-tmp` | High
+32 | File | `/user/upload/upload` | High
+33 | File | `/Users` | Low
+34 | File | `/var/spool/hylafax` | High
+35 | File | `/vendor` | Low
+36 | File | `/whbs/?page=my_bookings` | High
+37 | File | `access_rules/rules_form` | High
+38 | File | `accountrecoveryendpoint/recoverpassword.do` | High
+39 | File | `action/addproject.php` | High
+40 | File | `adclick.php` | Medium
+41 | File | `add_contestant.php` | High
+42 | File | `admin.php` | Medium
+43 | File | `admin/ajax.attachment.php` | High
+44 | ... | ... | ...
 
-There are 371 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 379 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/ChaChi/README.md

@@ -44,7 +44,7 @@ ID | Technique | Weakness | Description | Confidence
 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 6 | ... | ... | ... | ...
 
-There are 19 more TTP items available. Please use our online service to access the data.
+There are 18 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -81,10 +81,11 @@ ID | Type | Indicator | Confidence
 27 | File | `AccountStatus.jsp` | High
 28 | File | `add.php` | Low
 29 | File | `addentry.php` | Medium
-30 | File | `admin.php` | Medium
-31 | ... | ... | ...
+30 | File | `admin.a6mambocredits.php` | High
+31 | File | `admin.cropcanvas.php` | High
+32 | ... | ... | ...
 
-There are 263 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 271 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Chad Unknown/README.md

@@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Chad Unknown:
 
 * [US](https://vuldb.com/?country.us)
-* [ES](https://vuldb.com/?country.es)
 * [FR](https://vuldb.com/?country.fr)
+* [ES](https://vuldb.com/?country.es)
 * ...
 
-There are 14 more country items available. Please use our online service to access the data.
+There are 15 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -54,37 +54,38 @@ ID | Type | Indicator | Confidence
 2 | File | `/acms/admin/cargo_types/manage_cargo_type.php` | High
 3 | File | `/admin/ajax/avatar.php` | High
 4 | File | `/admin/index.php` | High
-5 | File | `/admin/payment.php` | High
-6 | File | `/admin/show.php` | High
-7 | File | `/default.php?idx=17` | High
-8 | File | `/download` | Medium
-9 | File | `/forum/away.php` | High
-10 | File | `/index.php` | Medium
-11 | File | `/opt/bin/cli` | Medium
-12 | File | `/p` | Low
-13 | File | `/patient/doctors.php` | High
-14 | File | `/phpinventory/editcategory.php` | High
-15 | File | `/product-list.php` | High
-16 | File | `/spip.php` | Medium
-17 | File | `/uncpath/` | Medium
-18 | File | `/updown/upload.cgi` | High
-19 | File | `/user/del.php` | High
-20 | File | `/_next` | Low
-21 | File | `123flashchat.php` | High
-22 | File | `act.php` | Low
-23 | File | `admin.php` | Medium
-24 | File | `admin/bad.php` | High
-25 | File | `admin/index.php` | High
-26 | File | `admin/index.php/user/del/1` | High
-27 | File | `admin/index.php?id=themes&action=edit_chunk` | High
-28 | File | `administrator/index.php` | High
-29 | File | `ajax/render/widget_php` | High
-30 | File | `album_portal.php` | High
-31 | File | `api.php` | Low
-32 | File | `application/home/controller/debug.php` | High
-33 | ... | ... | ...
+5 | File | `/admin/lab.php` | High
+6 | File | `/admin/payment.php` | High
+7 | File | `/admin/show.php` | High
+8 | File | `/default.php?idx=17` | High
+9 | File | `/download` | Medium
+10 | File | `/forum/away.php` | High
+11 | File | `/index.php` | Medium
+12 | File | `/opt/bin/cli` | Medium
+13 | File | `/p` | Low
+14 | File | `/patient/doctors.php` | High
+15 | File | `/phpinventory/editcategory.php` | High
+16 | File | `/product-list.php` | High
+17 | File | `/spip.php` | Medium
+18 | File | `/uncpath/` | Medium
+19 | File | `/updown/upload.cgi` | High
+20 | File | `/user/del.php` | High
+21 | File | `/_next` | Low
+22 | File | `123flashchat.php` | High
+23 | File | `act.php` | Low
+24 | File | `admin.php` | Medium
+25 | File | `admin/bad.php` | High
+26 | File | `admin/index.php` | High
+27 | File | `admin/index.php/user/del/1` | High
+28 | File | `admin/index.php?id=themes&action=edit_chunk` | High
+29 | File | `administrator/index.php` | High
+30 | File | `ajax/render/widget_php` | High
+31 | File | `album_portal.php` | High
+32 | File | `api.php` | Low
+33 | File | `application/home/controller/debug.php` | High
+34 | ... | ... | ...
 
-There are 286 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 293 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Chafer/README.md

@@ -55,19 +55,19 @@ ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `//etc/RT2870STA.dat` | High
 2 | File | `/admin/index.php?id=themes&action=edit_template&filename=blog` | High
-3 | File | `/bin/boa` | Medium
-4 | File | `/cgi-bin/wapopen` | High
-5 | File | `/cwp_{SESSION_HASH}/admin/loader_ajax.php` | High
-6 | File | `/jquery_file_upload/server/php/index.php` | High
-7 | File | `/librarian/bookdetails.php` | High
-8 | File | `/magnoliaPublic/travel/members/login.html` | High
-9 | File | `/Main_AdmStatus_Content.asp` | High
-10 | File | `/requests.php` | High
-11 | File | `/uncpath/` | Medium
-12 | File | `/var/log/nginx` | High
+3 | File | `/appConfig/userDB.json` | High
+4 | File | `/bin/boa` | Medium
+5 | File | `/cgi-bin/wapopen` | High
+6 | File | `/cwp_{SESSION_HASH}/admin/loader_ajax.php` | High
+7 | File | `/jquery_file_upload/server/php/index.php` | High
+8 | File | `/librarian/bookdetails.php` | High
+9 | File | `/magnoliaPublic/travel/members/login.html` | High
+10 | File | `/Main_AdmStatus_Content.asp` | High
+11 | File | `/requests.php` | High
+12 | File | `/uncpath/` | Medium
 13 | ... | ... | ...
 
-There are 103 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 106 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Chaos/README.md

@@ -53,28 +53,28 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/../conf/config.properties` | High
-2 | File | `/admin.php/singer/admin/lists/zhuan` | High
-3 | File | `/admin.php/User/level_sort` | High
-4 | File | `/authUserAction!edit.action` | High
-5 | File | `/baseOpLog.do` | High
-6 | File | `/blog/edit` | Medium
-7 | File | `/bmis/pages/resident/resident.php` | High
-8 | File | `/cgi-bin/luci/api/auth` | High
-9 | File | `/cgi-bin/luci/api/wireless` | High
-10 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
-11 | File | `/cgi-bin/uploadWeiXinPic` | High
-12 | File | `/claire_blake` | High
-13 | File | `/core/admin/categories.php` | High
-14 | File | `/dashboard/contact` | High
-15 | File | `/debug/pprof` | Medium
-16 | File | `/dms/admin/reports/daily_collection_report.php` | High
-17 | File | `/etc/config/cameo` | High
-18 | File | `/export` | Low
-19 | File | `/files.md5` | Medium
-20 | File | `/food/admin/all_users.php` | High
-21 | File | `/forum/away.php` | High
-22 | File | `/hrm/employeeview.php` | High
+1 | File | `/admin.php/singer/admin/lists/zhuan` | High
+2 | File | `/admin.php/User/level_sort` | High
+3 | File | `/authUserAction!edit.action` | High
+4 | File | `/baseOpLog.do` | High
+5 | File | `/blog/edit` | Medium
+6 | File | `/bmis/pages/resident/resident.php` | High
+7 | File | `/cgi-bin/luci/api/auth` | High
+8 | File | `/cgi-bin/luci/api/wireless` | High
+9 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
+10 | File | `/cgi-bin/uploadWeiXinPic` | High
+11 | File | `/claire_blake` | High
+12 | File | `/core/admin/categories.php` | High
+13 | File | `/dashboard/contact` | High
+14 | File | `/debug/pprof` | Medium
+15 | File | `/dms/admin/reports/daily_collection_report.php` | High
+16 | File | `/etc/config/cameo` | High
+17 | File | `/export` | Low
+18 | File | `/files.md5` | Medium
+19 | File | `/food/admin/all_users.php` | High
+20 | File | `/forum/away.php` | High
+21 | File | `/hrm/employeeview.php` | High
+22 | File | `/htdocs/cgibin` | High
 23 | File | `/images/` | Medium
 24 | File | `/isms/classes/Users.php` | High
 25 | File | `/login` | Low
@@ -86,7 +86,7 @@ ID | Type | Indicator | Confidence
 31 | File | `/out.php` | Medium
 32 | ... | ... | ...
 
-There are 272 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 274 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Charming Kitten/README.md

@@ -18,10 +18,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 
 * [CN](https://vuldb.com/?country.cn)
 * [NL](https://vuldb.com/?country.nl)
-* [ES](https://vuldb.com/?country.es)
+* [US](https://vuldb.com/?country.us)
 * ...
 
-There are 14 more country items available. Please use our online service to access the data.
+There are 13 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -63,13 +63,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-28 | Pathname Traversal | High
-2 | T1055 | CWE-74 | Injection | High
-3 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
-4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-5 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
+2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
+5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 6 | ... | ... | ... | ...
 
-There are 18 more TTP items available. Please use our online service to access the data.
+There are 19 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -78,37 +78,45 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/about.php` | Medium
-2 | File | `/admin/submit-articles` | High
-3 | File | `/admin/subnets/ripe-query.php` | High
-4 | File | `/ad_js.php` | Medium
-5 | File | `/app/options.py` | High
-6 | File | `/attachments` | Medium
-7 | File | `/cgi-bin/login.cgi` | High
-8 | File | `/cgi-bin/luci/api/wireless` | High
-9 | File | `/ci_hms/massage_room/edit/1` | High
-10 | File | `/context/%2e/WEB-INF/web.xml` | High
-11 | File | `/core/conditions/AbstractWrapper.java` | High
-12 | File | `/dashboard/reports/logs/view` | High
-13 | File | `/debian/patches/load_ppp_generic_if_needed` | High
-14 | File | `/debug/pprof` | Medium
-15 | File | `/etc/hosts` | Medium
-16 | File | `/export` | Low
-17 | File | `/goform/setmac` | High
-18 | File | `/goform/wizard_end` | High
-19 | File | `/hardware` | Medium
-20 | File | `/hprms/admin/doctors/manage_doctor.php` | High
-21 | File | `/index/jobfairol/show/` | High
-22 | File | `/librarian/bookdetails.php` | High
-23 | File | `/manage-apartment.php` | High
-24 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
-25 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
-26 | File | `/pages/apply_vacancy.php` | High
-27 | File | `/plugin/LiveChat/getChat.json.php` | High
-28 | File | `/proc/<PID>/mem` | High
-29 | File | `/proxy` | Low
-30 | ... | ... | ...
+2 | File | `/admin.php/accessory/filesdel.html` | High
+3 | File | `/admin/?page=user/manage` | High
+4 | File | `/admin/add-new.php` | High
+5 | File | `/admin/doctors.php` | High
+6 | File | `/admin/submit-articles` | High
+7 | File | `/admin/subnets/ripe-query.php` | High
+8 | File | `/ad_js.php` | Medium
+9 | File | `/alphaware/summary.php` | High
+10 | File | `/api/` | Low
+11 | File | `/api/admin/store/product/list` | High
+12 | File | `/attachments` | Medium
+13 | File | `/boat/login.php` | High
+14 | File | `/bsms_ci/index.php/book` | High
+15 | File | `/cgi-bin/luci/api/wireless` | High
+16 | File | `/context/%2e/WEB-INF/web.xml` | High
+17 | File | `/dashboard/reports/logs/view` | High
+18 | File | `/debian/patches/load_ppp_generic_if_needed` | High
+19 | File | `/debug/pprof` | Medium
+20 | File | `/etc/hosts` | Medium
+21 | File | `/export` | Low
+22 | File | `/forum/away.php` | High
+23 | File | `/goform/setmac` | High
+24 | File | `/goform/wizard_end` | High
+25 | File | `/hardware` | Medium
+26 | File | `/manage-apartment.php` | High
+27 | File | `/medicines/profile.php` | High
+28 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
+29 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
+30 | File | `/pages/apply_vacancy.php` | High
+31 | File | `/proc/<PID>/mem` | High
+32 | File | `/proxy` | Low
+33 | File | `/reservation/add_message.php` | High
+34 | File | `/spip.php` | Medium
+35 | File | `/tmp` | Low
+36 | File | `/uncpath/` | Medium
+37 | File | `/upload` | Low
+38 | ... | ... | ...
 
-There are 256 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 330 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Chile Unknown/README.md

@@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Chile Unknown:
 
 * [US](https://vuldb.com/?country.us)
-* [ES](https://vuldb.com/?country.es)
 * [CN](https://vuldb.com/?country.cn)
+* [ES](https://vuldb.com/?country.es)
 * ...
 
-There are 29 more country items available. Please use our online service to access the data.
+There are 8 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -266,14 +266,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
+1 | T1006 | CWE-22 | Pathname Traversal | High
 2 | T1055 | CWE-74 | Injection | High
-3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
-4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-5 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
-6 | ... | ... | ... | ...
+3 | T1059 | CWE-94 | Cross Site Scripting | High
+4 | ... | ... | ... | ...
 
-There are 19 more TTP items available. Please use our online service to access the data.
+There are 14 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -281,72 +279,38 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `.github/workflows/combine-prs.yml` | High
-2 | File | `.php.gif` | Medium
-3 | File | `.procmailrc` | Medium
-4 | File | `/?admin/user.html` | High
-5 | File | `/Admin/add-student.php` | High
-6 | File | `/admin/api/admin/articles/` | High
-7 | File | `/Admin/login.php` | High
-8 | File | `/admin/submit-articles` | High
-9 | File | `/apilog.php` | Medium
-10 | File | `/cgi-bin/webadminget.cgi` | High
-11 | File | `/connectors/index.php` | High
-12 | File | `/Default/Bd` | Medium
-13 | File | `/DesignTools/CssEditor.aspx` | High
-14 | File | `/dev/block/mmcblk0rpmb` | High
-15 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
-16 | File | `/employeeview.php` | High
-17 | File | `/face-recognition-php/facepay-master/camera.php` | High
-18 | File | `/forum/away.php` | High
-19 | File | `/forum/PostPrivateMessage` | High
-20 | File | `/fos/admin/ajax.php?action=login` | High
-21 | File | `/fos/admin/index.php?page=menu` | High
-22 | File | `/home/masterConsole` | High
-23 | File | `/home/sendBroadcast` | High
-24 | File | `/hrm/controller/employee.php` | High
-25 | File | `/hrm/employeeadd.php` | High
-26 | File | `/hrm/employeeview.php` | High
-27 | File | `/index.php` | Medium
-28 | File | `/items/view_item.php` | High
-29 | File | `/jsoa/hntdCustomDesktopActionContent` | High
-30 | File | `/lookin/info` | Medium
-31 | File | `/manager/index.php` | High
-32 | File | `/medical/inventories.php` | High
-33 | File | `/modules/profile/index.php` | High
-34 | File | `/modules/projects/vw_files.php` | High
-35 | File | `/modules/public/calendar.php` | High
-36 | File | `/net/nfc/netlink.c` | High
-37 | File | `/newsDia.php` | Medium
-38 | File | `/out.php` | Medium
-39 | File | `/php_action/editProductImage.php` | High
-40 | File | `/product/savenewproduct.php?flag=1` | High
-41 | File | `/proxy` | Low
-42 | File | `/Redcock-Farm/farm/category.php` | High
-43 | File | `/reports/rwservlet` | High
-44 | File | `/sacco_shield/manage_user.php` | High
-45 | File | `/services/Card/findUser` | High
-46 | File | `/spip.php` | Medium
-47 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
-48 | File | `/staff/bookdetails.php` | High
-49 | File | `/uncpath/` | Medium
-50 | File | `/user/update_booking.php` | High
-51 | File | `/view-property.php` | High
-52 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
-53 | File | `/wireless/security.asp` | High
-54 | File | `/wordpress/wp-admin/options-general.php` | High
-55 | File | `/wp-admin/admin-ajax.php` | High
-56 | File | `/wp-content/plugins/updraftplus/admin.php` | High
-57 | File | `/_next` | Low
-58 | File | `01article.php` | High
-59 | File | `5.2.9\syscrb.exe` | High
-60 | File | `AbstractScheduleJob.java` | High
-61 | File | `actionphp/download.File.php` | High
-62 | File | `adclick.php` | Medium
-63 | File | `addtocart.asp` | High
-64 | ... | ... | ...
+1 | File | `/admin/` | Low
+2 | File | `/APR/login.php` | High
+3 | File | `/APR/signup.php` | High
+4 | File | `/cgi-bin/wapopen` | High
+5 | File | `/forum/away.php` | High
+6 | File | `/mims/login.php` | High
+7 | File | `/mygym/admin/index.php?view_exercises` | High
+8 | File | `/out.php` | Medium
+9 | File | `/php-opos/index.php` | High
+10 | File | `/php-scrm/login.php` | High
+11 | File | `/public/launchNewWindow.jsp` | High
+12 | File | `/spip.php` | Medium
+13 | File | `/textpattern/index.php` | High
+14 | File | `/tmp` | Low
+15 | File | `account-signup.php` | High
+16 | File | `account/signup.php` | High
+17 | File | `activenews_view.asp` | High
+18 | File | `addentry.php` | Medium
+19 | File | `admin.php` | Medium
+20 | File | `admin/?page=students/view_student` | High
+21 | File | `admin/admin.php?action=users&mode=info&user=2` | High
+22 | File | `admin/admin_editor.php` | High
+23 | File | `admin/conf_users_edit.php` | High
+24 | File | `adminer.php` | Medium
+25 | File | `articulo.php` | Medium
+26 | File | `art_detalle.php` | High
+27 | File | `banner_add_edit.asp` | High
+28 | File | `Bin/ConnectWiseControl.Client.exe` | High
+29 | File | `blocks/block-Old_Articles.php` | High
+30 | ... | ... | ...
 
-There are 564 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 252 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Chimera/README.md

@@ -39,7 +39,7 @@ ID | Technique | Weakness | Description | Confidence
 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 6 | ... | ... | ... | ...
 
-There are 20 more TTP items available. Please use our online service to access the data.
+There are 18 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -47,39 +47,41 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `.FBCIndex` | Medium
-2 | File | `/.env` | Low
-3 | File | `/.ssh/authorized_keys` | High
-4 | File | `/as/authorization.oauth2` | High
-5 | File | `/blogengine/api/posts` | High
-6 | File | `/cgi-bin/api-get_line_status` | High
-7 | File | `/cgi-bin/luci` | High
-8 | File | `/cgi-bin/luci/api/auth` | High
-9 | File | `/cgi-bin/nobody/VerifyCode.cgi` | High
-10 | File | `/cgi-bin/upload_vpntar` | High
-11 | File | `/cgi-bin/wlogin.cgi` | High
-12 | File | `/Content/Template/root/reverse-shell.aspx` | High
+1 | File | `/.env` | Low
+2 | File | `/admin/patient.php` | High
+3 | File | `/as/authorization.oauth2` | High
+4 | File | `/blogengine/api/posts` | High
+5 | File | `/cgi-bin/api-get_line_status` | High
+6 | File | `/cgi-bin/luci/api/auth` | High
+7 | File | `/cgi-bin/nobody/VerifyCode.cgi` | High
+8 | File | `/cgi-bin/supervisor/PwdGrp.cgi` | High
+9 | File | `/cgi-bin/upload_vpntar` | High
+10 | File | `/cgi-bin/wlogin.cgi` | High
+11 | File | `/Content/Template/root/reverse-shell.aspx` | High
+12 | File | `/DXR.axd` | Medium
 13 | File | `/export` | Low
-14 | File | `/forum/away.php` | High
-15 | File | `/h/calendar` | Medium
-16 | File | `/hrm/controller/employee.php` | High
-17 | File | `/login/index.php` | High
-18 | File | `/mkshope/login.php` | High
-19 | File | `/network_test.php` | High
-20 | File | `/obs/book.php` | High
-21 | File | `/products/view_product.php` | High
-22 | File | `/public/launchNewWindow.jsp` | High
-23 | File | `/public/login.htm` | High
-24 | File | `/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf` | High
-25 | File | `/secure/QueryComponent!Default.jspa` | High
-26 | File | `/self.key` | Medium
-27 | File | `/services/view_service.php` | High
-28 | File | `/shell` | Low
-29 | File | `/spip.php` | Medium
-30 | File | `/uncpath/` | Medium
-31 | ... | ... | ...
+14 | File | `/filemanager/php/connector.php` | High
+15 | File | `/forum/away.php` | High
+16 | File | `/login/index.php` | High
+17 | File | `/modules/projects/vw_files.php` | High
+18 | File | `/obs/book.php` | High
+19 | File | `/products/view_product.php` | High
+20 | File | `/public/login.htm` | High
+21 | File | `/rukovoditel/index.php?module=users/login` | High
+22 | File | `/secure/QueryComponent!Default.jspa` | High
+23 | File | `/shell` | Low
+24 | File | `/spip.php` | Medium
+25 | File | `/uncpath/` | Medium
+26 | File | `/usr/bin/tddp` | High
+27 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
+28 | File | `/wp-admin/admin-ajax.php` | High
+29 | File | `/wp-admin/options.php` | High
+30 | File | `/wp-json/wc/v3/webhooks` | High
+31 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
+32 | File | `adclick.php` | Medium
+33 | ... | ... | ...
 
-There are 262 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 284 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/China Unknown/README.md

@@ -21,10 +21,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 
 * [US](https://vuldb.com/?country.us)
 * [CN](https://vuldb.com/?country.cn)
-* [NL](https://vuldb.com/?country.nl)
+* [JP](https://vuldb.com/?country.jp)
 * ...
 
-There are 8 more country items available. Please use our online service to access the data.
+There are 9 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -1659,10 +1659,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
+1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | High
 2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
-4 | ... | ... | ... | ...
+4 | T1059 | CWE-94 | Cross Site Scripting | High
+5 | ... | ... | ... | ...
 
 There are 14 more TTP items available. Please use our online service to access the data.
 
@@ -1681,26 +1682,31 @@ ID | Type | Indicator | Confidence
 7 | File | `/APR/login.php` | High
 8 | File | `/APR/signup.php` | High
 9 | File | `/boat/login.php` | High
-10 | File | `/debug/pprof` | Medium
-11 | File | `/etc/openstack-dashboard/local_settings` | High
-12 | File | `/forum/away.php` | High
-13 | File | `/mims/login.php` | High
-14 | File | `/mygym/admin/index.php?view_exercises` | High
-15 | File | `/php-opos/index.php` | High
-16 | File | `/php-scrm/login.php` | High
-17 | File | `/reservation/add_message.php` | High
-18 | File | `/secure/QueryComponent!Default.jspa` | High
-19 | File | `/textpattern/index.php` | High
-20 | File | `/tmp` | Low
-21 | File | `/video-sharing-script/watch-video.php` | High
-22 | File | `account-signup.php` | High
-23 | File | `account/signup.php` | High
-24 | File | `addentry.php` | Medium
-25 | File | `admin.php` | Medium
-26 | File | `admin/admin.php?action=users&mode=info&user=2` | High
-27 | ... | ... | ...
+10 | File | `/cgi-bin/wapopen` | High
+11 | File | `/debug/pprof` | Medium
+12 | File | `/etc/openstack-dashboard/local_settings` | High
+13 | File | `/forum/away.php` | High
+14 | File | `/goform/addressNat` | High
+15 | File | `/HNAP1/SetClientInfo` | High
+16 | File | `/mims/login.php` | High
+17 | File | `/php-scrm/login.php` | High
+18 | File | `/public/launchNewWindow.jsp` | High
+19 | File | `/reservation/add_message.php` | High
+20 | File | `/secure/QueryComponent!Default.jspa` | High
+21 | File | `/textpattern/index.php` | High
+22 | File | `/tmp` | Low
+23 | File | `/video-sharing-script/watch-video.php` | High
+24 | File | `account-signup.php` | High
+25 | File | `account/signup.php` | High
+26 | File | `Acl.asp` | Low
+27 | File | `AcquisiAction.class.php` | High
+28 | File | `activenews_view.asp` | High
+29 | File | `addentry.php` | Medium
+30 | File | `admin.php` | Medium
+31 | File | `admin/?page=reports&date_from=2023-02-17&date_to=2023-03-17` | High
+32 | ... | ... | ...
 
-There are 229 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 269 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Christmas Island Unknown/README.md

@@ -51,37 +51,38 @@ ID | Type | Indicator | Confidence
 2 | File | `/acms/admin/cargo_types/manage_cargo_type.php` | High
 3 | File | `/admin/ajax/avatar.php` | High
 4 | File | `/admin/index.php` | High
-5 | File | `/admin/payment.php` | High
-6 | File | `/admin/show.php` | High
-7 | File | `/default.php?idx=17` | High
-8 | File | `/download` | Medium
-9 | File | `/forum/away.php` | High
-10 | File | `/index.php` | Medium
-11 | File | `/opt/bin/cli` | Medium
-12 | File | `/p` | Low
-13 | File | `/patient/doctors.php` | High
-14 | File | `/phpinventory/editcategory.php` | High
-15 | File | `/product-list.php` | High
-16 | File | `/spip.php` | Medium
-17 | File | `/uncpath/` | Medium
-18 | File | `/updown/upload.cgi` | High
-19 | File | `/user/del.php` | High
-20 | File | `/_next` | Low
-21 | File | `123flashchat.php` | High
-22 | File | `act.php` | Low
-23 | File | `admin/bad.php` | High
-24 | File | `admin/index.php` | High
-25 | File | `admin/index.php/user/del/1` | High
-26 | File | `admin/index.php?id=themes&action=edit_chunk` | High
-27 | File | `administrator/index.php` | High
-28 | File | `ajax/render/widget_php` | High
-29 | File | `album_portal.php` | High
-30 | File | `api.php` | Low
-31 | File | `application/home/controller/debug.php` | High
-32 | File | `articulo.php` | Medium
-33 | ... | ... | ...
+5 | File | `/admin/lab.php` | High
+6 | File | `/admin/payment.php` | High
+7 | File | `/admin/show.php` | High
+8 | File | `/default.php?idx=17` | High
+9 | File | `/download` | Medium
+10 | File | `/forum/away.php` | High
+11 | File | `/index.php` | Medium
+12 | File | `/opt/bin/cli` | Medium
+13 | File | `/p` | Low
+14 | File | `/patient/doctors.php` | High
+15 | File | `/phpinventory/editcategory.php` | High
+16 | File | `/product-list.php` | High
+17 | File | `/spip.php` | Medium
+18 | File | `/uncpath/` | Medium
+19 | File | `/updown/upload.cgi` | High
+20 | File | `/user/del.php` | High
+21 | File | `/_next` | Low
+22 | File | `123flashchat.php` | High
+23 | File | `act.php` | Low
+24 | File | `admin/bad.php` | High
+25 | File | `admin/index.php` | High
+26 | File | `admin/index.php/user/del/1` | High
+27 | File | `admin/index.php?id=themes&action=edit_chunk` | High
+28 | File | `administrator/index.php` | High
+29 | File | `ajax/render/widget_php` | High
+30 | File | `album_portal.php` | High
+31 | File | `api.php` | Low
+32 | File | `application/home/controller/debug.php` | High
+33 | File | `articulo.php` | Medium
+34 | ... | ... | ...
 
-There are 284 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 289 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Chthonic/README.md

@@ -101,7 +101,7 @@ ID | Type | Indicator | Confidence
 25 | File | `/viewer/krpano.html` | High
 26 | ... | ... | ...
 
-There are 216 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 218 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Cobalt Group/README.md

@@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [SV](https://vuldb.com/?country.sv)
 * ...
 
-There are 7 more country items available. Please use our online service to access the data.
+There are 8 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -79,19 +79,19 @@ ID | Type | Indicator | Confidence
 27 | File | `/operations/travellers.php` | High
 28 | File | `/php-sms/admin/orders/update_status.php` | High
 29 | File | `/php-sms/classes/Master.php?f=delete_service` | High
-30 | File | `/php_action/editProductImage.php` | High
-31 | File | `/release-x64/otfccdump+0x6b6a8f` | High
-32 | File | `/release-x64/otfccdump+0x6e7e3d` | High
-33 | File | `/release-x64/otfccdump+0x6e41a8` | High
-34 | File | `/rukovoditel/index.php?module=users/login` | High
-35 | File | `/SVFE2/pages/feegroups/mcc_group.jsf` | High
-36 | File | `/sys/duplicate/check` | High
-37 | File | `/timeline2.php` | High
-38 | File | `/ucenter/repass.php` | High
-39 | File | `/usr/sbin/httpd` | High
+30 | File | `/release-x64/otfccdump+0x6b6a8f` | High
+31 | File | `/release-x64/otfccdump+0x6e7e3d` | High
+32 | File | `/release-x64/otfccdump+0x6e41a8` | High
+33 | File | `/rukovoditel/index.php?module=users/login` | High
+34 | File | `/SVFE2/pages/feegroups/mcc_group.jsf` | High
+35 | File | `/sys/duplicate/check` | High
+36 | File | `/timeline2.php` | High
+37 | File | `/ucenter/repass.php` | High
+38 | File | `/usr/sbin/httpd` | High
+39 | File | `/var/log/messages` | High
 40 | ... | ... | ...
 
-There are 346 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 349 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Cobalt Strike/README.md

@@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [CN](https://vuldb.com/?country.cn)
 * ...
 
-There are 8 more country items available. Please use our online service to access the data.
+There are 7 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -82,13 +82,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-22 | Pathname Traversal | High
+1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
-4 | T1059 | CWE-94 | Cross Site Scripting | High
+4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
 5 | ... | ... | ... | ...
 
-There are 15 more TTP items available. Please use our online service to access the data.
+There are 18 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -96,36 +96,48 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/.env` | Low
+1 | File | `/admin` | Low
 2 | File | `/admin/` | Low
 3 | File | `/admin/patient.php` | High
 4 | File | `/APR/login.php` | High
 5 | File | `/APR/signup.php` | High
-6 | File | `/as/authorization.oauth2` | High
-7 | File | `/cgi-bin/luci/api/auth` | High
-8 | File | `/cgi-bin/wapopen` | High
+6 | File | `/cgi-bin/supervisor/PwdGrp.cgi` | High
+7 | File | `/cgi-bin/wapopen` | High
+8 | File | `/churchcrm/EventAttendance.php` | High
 9 | File | `/DXR.axd` | Medium
 10 | File | `/filemanager/php/connector.php` | High
 11 | File | `/forum/away.php` | High
 12 | File | `/HNAP1/SetClientInfo` | High
-13 | File | `/mims/login.php` | High
-14 | File | `/php-scrm/login.php` | High
-15 | File | `/rukovoditel/index.php?module=users/login` | High
-16 | File | `/textpattern/index.php` | High
-17 | File | `/tmp` | Low
-18 | File | `account-signup.php` | High
-19 | File | `account/signup.php` | High
-20 | File | `addentry.php` | Medium
-21 | File | `admin.php` | Medium
-22 | File | `admin/admin_editor.php` | High
-23 | File | `admin/conf_users_edit.php` | High
-24 | File | `admin/template/js/uploadify/uploadify.swf` | High
-25 | File | `admin/TemplateController.java` | High
-26 | File | `adminer.php` | Medium
-27 | File | `AndroidManifest.xml` | High
-28 | ... | ... | ...
+13 | File | `/mhds/clinic/view_details.php` | High
+14 | File | `/mims/login.php` | High
+15 | File | `/modules/projects/vw_files.php` | High
+16 | File | `/php-scrm/login.php` | High
+17 | File | `/public/launchNewWindow.jsp` | High
+18 | File | `/rukovoditel/index.php?module=users/login` | High
+19 | File | `/squashfs-root/www/HNAP1/control/SetMasterWLanSettings.php` | High
+20 | File | `/static/ueditor/php/controller.php` | High
+21 | File | `/textpattern/index.php` | High
+22 | File | `/tmp` | Low
+23 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
+24 | File | `/wp-admin/admin-ajax.php` | High
+25 | File | `/wp-admin/options.php` | High
+26 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
+27 | File | `account/signup.php` | High
+28 | File | `Acl.asp` | Low
+29 | File | `activenews_view.asp` | High
+30 | File | `adclick.php` | Medium
+31 | File | `addentry.php` | Medium
+32 | File | `addressbook/backends/ldap/e-book-backend-ldap.c` | High
+33 | File | `admin.php` | Medium
+34 | File | `admin/admin_editor.php` | High
+35 | File | `admin/TemplateController.java` | High
+36 | File | `admincp.php` | Medium
+37 | File | `adminer.php` | Medium
+38 | File | `affich.php` | Medium
+39 | File | `ajax/telemetry.php` | High
+40 | ... | ... | ...
 
-There are 235 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 340 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/CoinMiner/README.md

@@ -51,7 +51,7 @@ ID | Technique | Weakness | Description | Confidence
 4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 5 | ... | ... | ... | ...
 
-There are 14 more TTP items available. Please use our online service to access the data.
+There are 15 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 

actors/CoinStomp/README.md

@@ -9,8 +9,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with CoinStomp:
 
 * [US](https://vuldb.com/?country.us)
-* [CN](https://vuldb.com/?country.cn)
 * [RU](https://vuldb.com/?country.ru)
+* [CN](https://vuldb.com/?country.cn)
 * ...
 
 There are 1 more country items available. Please use our online service to access the data.
@@ -88,10 +88,9 @@ ID | Type | Indicator | Confidence
 41 | File | `coders/dds.c` | Medium
 42 | File | `coders/webp.c` | High
 43 | File | `CollabNetApp.java` | High
-44 | File | `collection.class.php` | High
-45 | ... | ... | ...
+44 | ... | ... | ...
 
-There are 386 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 385 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Colombia Unknown/README.md

@@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [CN](https://vuldb.com/?country.cn)
 * ...
 
-There are 23 more country items available. Please use our online service to access the data.
+There are 29 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -21,170 +21,234 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
 
 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
-1 | [5.8.46.128](https://vuldb.com/?ip.5.8.46.128) | - | - | High
-2 | [5.62.56.60](https://vuldb.com/?ip.5.62.56.60) | r-60-56-62-5.consumer-pool.prcdn.net | - | High
-3 | [5.62.58.56](https://vuldb.com/?ip.5.62.58.56) | r-56-58-62-5.consumer-pool.prcdn.net | - | High
-4 | [5.182.120.0](https://vuldb.com/?ip.5.182.120.0) | - | - | High
-5 | [8.243.64.0](https://vuldb.com/?ip.8.243.64.0) | - | - | High
-6 | [8.243.160.0](https://vuldb.com/?ip.8.243.160.0) | - | - | High
-7 | [17.45.148.0](https://vuldb.com/?ip.17.45.148.0) | - | - | High
-8 | [17.45.170.111](https://vuldb.com/?ip.17.45.170.111) | - | - | High
-9 | [23.232.253.0](https://vuldb.com/?ip.23.232.253.0) | - | - | High
-10 | [23.235.44.0](https://vuldb.com/?ip.23.235.44.0) | - | - | High
-11 | [32.59.144.0](https://vuldb.com/?ip.32.59.144.0) | - | - | High
-12 | [34.100.24.0](https://vuldb.com/?ip.34.100.24.0) | 0.24.100.34.bc.googleusercontent.com | - | Medium
-13 | [34.100.56.0](https://vuldb.com/?ip.34.100.56.0) | 0.56.100.34.bc.googleusercontent.com | - | Medium
-14 | [45.5.160.0](https://vuldb.com/?ip.45.5.160.0) | - | - | High
-15 | [45.5.172.0](https://vuldb.com/?ip.45.5.172.0) | - | - | High
-16 | [45.5.180.0](https://vuldb.com/?ip.45.5.180.0) | - | - | High
-17 | [45.5.184.0](https://vuldb.com/?ip.45.5.184.0) | - | - | High
-18 | [45.7.132.0](https://vuldb.com/?ip.45.7.132.0) | 45-7-132-0.ims-ipv4.com | - | High
-19 | [45.12.70.49](https://vuldb.com/?ip.45.12.70.49) | files-clock.get-eye.com | - | High
-20 | [45.12.71.49](https://vuldb.com/?ip.45.12.71.49) | - | - | High
-21 | [45.65.136.0](https://vuldb.com/?ip.45.65.136.0) | - | - | High
-22 | [45.65.200.0](https://vuldb.com/?ip.45.65.200.0) | - | - | High
-23 | [45.65.232.0](https://vuldb.com/?ip.45.65.232.0) | - | - | High
-24 | [45.70.168.0](https://vuldb.com/?ip.45.70.168.0) | - | - | High
-25 | [45.71.7.0](https://vuldb.com/?ip.45.71.7.0) | - | - | High
-26 | [45.71.180.0](https://vuldb.com/?ip.45.71.180.0) | - | - | High
-27 | [45.87.11.0](https://vuldb.com/?ip.45.87.11.0) | - | - | High
-28 | [45.129.32.0](https://vuldb.com/?ip.45.129.32.0) | - | - | High
-29 | [45.131.162.0](https://vuldb.com/?ip.45.131.162.0) | - | - | High
-30 | [45.162.0.0](https://vuldb.com/?ip.45.162.0.0) | - | - | High
-31 | [45.162.76.0](https://vuldb.com/?ip.45.162.76.0) | - | - | High
-32 | [45.162.82.0](https://vuldb.com/?ip.45.162.82.0) | 0-82-162-45.static-col.wifaocolombia.com | - | High
-33 | [45.162.84.0](https://vuldb.com/?ip.45.162.84.0) | 0-84-162-45.static-col.wifaocolombia.com | - | High
-34 | [45.162.126.0](https://vuldb.com/?ip.45.162.126.0) | - | - | High
-35 | [45.163.0.0](https://vuldb.com/?ip.45.163.0.0) | - | - | High
-36 | [45.163.28.0](https://vuldb.com/?ip.45.163.28.0) | - | - | High
-37 | [45.163.30.0](https://vuldb.com/?ip.45.163.30.0) | - | - | High
-38 | [45.167.124.0](https://vuldb.com/?ip.45.167.124.0) | - | - | High
-39 | [45.167.126.0](https://vuldb.com/?ip.45.167.126.0) | - | - | High
-40 | [45.167.248.0](https://vuldb.com/?ip.45.167.248.0) | - | - | High
-41 | [45.168.104.0](https://vuldb.com/?ip.45.168.104.0) | - | - | High
-42 | [45.169.98.0](https://vuldb.com/?ip.45.169.98.0) | rede-45.169.98.netcomunicaciones.com | - | High
-43 | [45.169.253.0](https://vuldb.com/?ip.45.169.253.0) | - | - | High
-44 | [45.170.124.0](https://vuldb.com/?ip.45.170.124.0) | - | - | High
-45 | [45.170.132.0](https://vuldb.com/?ip.45.170.132.0) | - | - | High
-46 | [45.170.240.0](https://vuldb.com/?ip.45.170.240.0) | - | - | High
-47 | [45.171.118.0](https://vuldb.com/?ip.45.171.118.0) | - | - | High
-48 | [45.171.180.0](https://vuldb.com/?ip.45.171.180.0) | - | - | High
-49 | [45.172.178.0](https://vuldb.com/?ip.45.172.178.0) | - | - | High
-50 | [45.172.184.0](https://vuldb.com/?ip.45.172.184.0) | - | - | High
-51 | [45.172.218.0](https://vuldb.com/?ip.45.172.218.0) | - | - | High
-52 | [45.172.222.0](https://vuldb.com/?ip.45.172.222.0) | - | - | High
-53 | [45.173.4.0](https://vuldb.com/?ip.45.173.4.0) | 45-173-4-0.ims-ipv4.com | - | High
-54 | [45.173.8.0](https://vuldb.com/?ip.45.173.8.0) | mymnetworks.com | - | High
-55 | [45.173.12.0](https://vuldb.com/?ip.45.173.12.0) | - | - | High
-56 | [45.173.14.0](https://vuldb.com/?ip.45.173.14.0) | 45-173-14-0.tvisla.net.co | - | High
-57 | [45.173.44.0](https://vuldb.com/?ip.45.173.44.0) | 45-173-44-0.tvisla.net.co | - | High
-58 | [45.173.68.0](https://vuldb.com/?ip.45.173.68.0) | - | - | High
-59 | [45.174.196.0](https://vuldb.com/?ip.45.174.196.0) | - | - | High
-60 | [45.174.224.0](https://vuldb.com/?ip.45.174.224.0) | - | - | High
-61 | [45.174.227.0](https://vuldb.com/?ip.45.174.227.0) | - | - | High
-62 | [45.175.20.0](https://vuldb.com/?ip.45.175.20.0) | - | - | High
-63 | [45.175.139.0](https://vuldb.com/?ip.45.175.139.0) | - | - | High
-64 | [45.176.70.0](https://vuldb.com/?ip.45.176.70.0) | - | - | High
-65 | [45.176.193.0](https://vuldb.com/?ip.45.176.193.0) | - | - | High
-66 | [45.176.232.0](https://vuldb.com/?ip.45.176.232.0) | - | - | High
-67 | [45.177.52.0](https://vuldb.com/?ip.45.177.52.0) | - | - | High
-68 | [45.177.54.0](https://vuldb.com/?ip.45.177.54.0) | - | - | High
-69 | [45.177.108.0](https://vuldb.com/?ip.45.177.108.0) | 45-177-108-0.ims-ipv4.com | - | High
-70 | [45.178.4.0](https://vuldb.com/?ip.45.178.4.0) | hostedby.packetbunker.com | - | High
-71 | [45.178.12.0](https://vuldb.com/?ip.45.178.12.0) | - | - | High
-72 | [45.178.64.0](https://vuldb.com/?ip.45.178.64.0) | - | - | High
-73 | [45.179.160.0](https://vuldb.com/?ip.45.179.160.0) | - | - | High
-74 | [45.179.200.0](https://vuldb.com/?ip.45.179.200.0) | - | - | High
-75 | [45.179.244.0](https://vuldb.com/?ip.45.179.244.0) | - | - | High
-76 | [45.180.22.0](https://vuldb.com/?ip.45.180.22.0) | - | - | High
-77 | [45.180.44.0](https://vuldb.com/?ip.45.180.44.0) | - | - | High
-78 | [45.180.82.0](https://vuldb.com/?ip.45.180.82.0) | - | - | High
-79 | [45.180.112.0](https://vuldb.com/?ip.45.180.112.0) | - | - | High
-80 | [45.181.156.0](https://vuldb.com/?ip.45.181.156.0) | 45-181-156-0.odatacolocation.com.br | - | High
-81 | [45.181.188.0](https://vuldb.com/?ip.45.181.188.0) | - | - | High
-82 | [45.181.204.0](https://vuldb.com/?ip.45.181.204.0) | - | - | High
-83 | [45.182.41.0](https://vuldb.com/?ip.45.182.41.0) | - | - | High
-84 | [45.182.190.0](https://vuldb.com/?ip.45.182.190.0) | - | - | High
-85 | [45.183.40.0](https://vuldb.com/?ip.45.183.40.0) | - | - | High
-86 | [45.183.196.0](https://vuldb.com/?ip.45.183.196.0) | - | - | High
-87 | [45.183.247.0](https://vuldb.com/?ip.45.183.247.0) | 0.247.183.45.static.luma.cloud | - | High
-88 | [45.185.31.0](https://vuldb.com/?ip.45.185.31.0) | - | - | High
-89 | [45.187.48.0](https://vuldb.com/?ip.45.187.48.0) | - | - | High
-90 | [45.189.119.0](https://vuldb.com/?ip.45.189.119.0) | - | - | High
-91 | [45.191.0.0](https://vuldb.com/?ip.45.191.0.0) | 0.0.191.45.host.as64114.com | - | High
-92 | [45.224.186.0](https://vuldb.com/?ip.45.224.186.0) | - | - | High
-93 | [45.225.224.0](https://vuldb.com/?ip.45.225.224.0) | - | - | High
-94 | [45.226.112.0](https://vuldb.com/?ip.45.226.112.0) | - | - | High
-95 | [45.226.186.0](https://vuldb.com/?ip.45.226.186.0) | - | - | High
-96 | [45.227.5.0](https://vuldb.com/?ip.45.227.5.0) | - | - | High
-97 | [45.227.88.0](https://vuldb.com/?ip.45.227.88.0) | - | - | High
-98 | [45.229.72.0](https://vuldb.com/?ip.45.229.72.0) | - | - | High
-99 | [45.229.192.0](https://vuldb.com/?ip.45.229.192.0) | - | - | High
-100 | [45.230.33.0](https://vuldb.com/?ip.45.230.33.0) | - | - | High
-101 | [45.231.184.0](https://vuldb.com/?ip.45.231.184.0) | - | - | High
-102 | [45.233.4.0](https://vuldb.com/?ip.45.233.4.0) | - | - | High
-103 | [45.233.72.0](https://vuldb.com/?ip.45.233.72.0) | - | - | High
-104 | [45.233.168.0](https://vuldb.com/?ip.45.233.168.0) | - | - | High
-105 | [45.235.40.0](https://vuldb.com/?ip.45.235.40.0) | - | - | High
-106 | [45.237.36.0](https://vuldb.com/?ip.45.237.36.0) | - | - | High
-107 | [45.238.144.0](https://vuldb.com/?ip.45.238.144.0) | - | - | High
-108 | [45.238.180.0](https://vuldb.com/?ip.45.238.180.0) | - | - | High
-109 | [45.238.196.0](https://vuldb.com/?ip.45.238.196.0) | - | - | High
-110 | [45.239.88.0](https://vuldb.com/?ip.45.239.88.0) | - | - | High
-111 | [45.239.115.0](https://vuldb.com/?ip.45.239.115.0) | - | - | High
-112 | [57.74.192.0](https://vuldb.com/?ip.57.74.192.0) | - | - | High
-113 | [63.163.180.0](https://vuldb.com/?ip.63.163.180.0) | - | - | High
-114 | [63.168.93.0](https://vuldb.com/?ip.63.168.93.0) | - | - | High
-115 | [63.174.200.0](https://vuldb.com/?ip.63.174.200.0) | - | - | High
-116 | [63.245.96.0](https://vuldb.com/?ip.63.245.96.0) | - | - | High
-117 | [64.76.48.0](https://vuldb.com/?ip.64.76.48.0) | - | - | High
-118 | [64.76.56.0](https://vuldb.com/?ip.64.76.56.0) | - | - | High
-119 | [64.76.80.0](https://vuldb.com/?ip.64.76.80.0) | - | - | High
-120 | [64.76.90.0](https://vuldb.com/?ip.64.76.90.0) | - | - | High
-121 | [64.76.112.0](https://vuldb.com/?ip.64.76.112.0) | c6476112-0.dynamic.impsat.com.co | - | High
-122 | [64.76.188.0](https://vuldb.com/?ip.64.76.188.0) | - | - | High
-123 | [64.76.208.0](https://vuldb.com/?ip.64.76.208.0) | - | - | High
-124 | [64.140.143.128](https://vuldb.com/?ip.64.140.143.128) | - | - | High
-125 | [65.167.48.0](https://vuldb.com/?ip.65.167.48.0) | - | - | High
-126 | [65.167.80.0](https://vuldb.com/?ip.65.167.80.0) | - | - | High
-127 | [65.168.52.0](https://vuldb.com/?ip.65.168.52.0) | - | - | High
-128 | [65.208.64.0](https://vuldb.com/?ip.65.208.64.0) | - | - | High
-129 | [66.231.64.0](https://vuldb.com/?ip.66.231.64.0) | host-66-231-64-0.telecu.es | - | High
-130 | [66.231.68.0](https://vuldb.com/?ip.66.231.68.0) | - | - | High
-131 | [67.73.184.0](https://vuldb.com/?ip.67.73.184.0) | - | - | High
-132 | [67.73.224.0](https://vuldb.com/?ip.67.73.224.0) | - | - | High
-133 | [67.73.240.0](https://vuldb.com/?ip.67.73.240.0) | - | - | High
-134 | [67.73.248.0](https://vuldb.com/?ip.67.73.248.0) | - | - | High
-135 | [67.73.252.0](https://vuldb.com/?ip.67.73.252.0) | - | - | High
-136 | [69.174.45.32](https://vuldb.com/?ip.69.174.45.32) | ns1648.ztomy.com | - | High
-137 | [69.195.211.0](https://vuldb.com/?ip.69.195.211.0) | - | - | High
-138 | [70.35.156.0](https://vuldb.com/?ip.70.35.156.0) | - | - | High
-139 | [81.173.106.120](https://vuldb.com/?ip.81.173.106.120) | - | - | High
-140 | [82.195.173.245](https://vuldb.com/?ip.82.195.173.245) | - | - | High
-141 | [91.195.110.0](https://vuldb.com/?ip.91.195.110.0) | - | - | High
-142 | [104.132.160.0](https://vuldb.com/?ip.104.132.160.0) | - | - | High
-143 | [104.166.117.0](https://vuldb.com/?ip.104.166.117.0) | - | - | High
-144 | [104.224.35.0](https://vuldb.com/?ip.104.224.35.0) | - | - | High
-145 | [107.180.148.0](https://vuldb.com/?ip.107.180.148.0) | - | - | High
-146 | [107.180.152.0](https://vuldb.com/?ip.107.180.152.0) | - | - | High
-147 | [116.206.49.0](https://vuldb.com/?ip.116.206.49.0) | - | - | High
-148 | [128.90.108.0](https://vuldb.com/?ip.128.90.108.0) | undefined.hostname.localhost | - | High
-149 | [128.90.115.0](https://vuldb.com/?ip.128.90.115.0) | undefined.hostname.localhost | - | High
-150 | [131.0.136.0](https://vuldb.com/?ip.131.0.136.0) | - | - | High
-151 | [131.0.168.0](https://vuldb.com/?ip.131.0.168.0) | - | - | High
-152 | [131.100.1.0](https://vuldb.com/?ip.131.100.1.0) | - | - | High
-153 | [131.108.168.0](https://vuldb.com/?ip.131.108.168.0) | dsl-emcali-131.108.168.0.emcali.net.co | - | High
-154 | [131.196.208.0](https://vuldb.com/?ip.131.196.208.0) | - | - | High
-155 | [131.221.40.0](https://vuldb.com/?ip.131.221.40.0) | - | - | High
-156 | [132.255.20.0](https://vuldb.com/?ip.132.255.20.0) | 132255200.ip73.static.mediacommerce.com.co | - | High
-157 | [136.228.226.0](https://vuldb.com/?ip.136.228.226.0) | - | - | High
-158 | [138.0.40.0](https://vuldb.com/?ip.138.0.40.0) | - | - | High
-159 | [138.0.88.0](https://vuldb.com/?ip.138.0.88.0) | - | - | High
-160 | [138.0.116.0](https://vuldb.com/?ip.138.0.116.0) | azteca-comunicaciones.com | - | High
-161 | [138.36.64.0](https://vuldb.com/?ip.138.36.64.0) | - | - | High
-162 | ... | ... | ... | ...
+1 | [4.33.232.0](https://vuldb.com/?ip.4.33.232.0) | - | - | High
+2 | [5.8.46.128](https://vuldb.com/?ip.5.8.46.128) | - | - | High
+3 | [5.62.56.60](https://vuldb.com/?ip.5.62.56.60) | r-60-56-62-5.consumer-pool.prcdn.net | - | High
+4 | [5.62.58.56](https://vuldb.com/?ip.5.62.58.56) | r-56-58-62-5.consumer-pool.prcdn.net | - | High
+5 | [5.182.120.0](https://vuldb.com/?ip.5.182.120.0) | - | - | High
+6 | [8.242.128.0](https://vuldb.com/?ip.8.242.128.0) | - | - | High
+7 | [8.242.142.0](https://vuldb.com/?ip.8.242.142.0) | - | - | High
+8 | [8.242.208.0](https://vuldb.com/?ip.8.242.208.0) | - | - | High
+9 | [8.243.64.0](https://vuldb.com/?ip.8.243.64.0) | - | - | High
+10 | [8.243.160.0](https://vuldb.com/?ip.8.243.160.0) | - | - | High
+11 | [13.227.5.0](https://vuldb.com/?ip.13.227.5.0) | server-13-227-5-0.bog50.r.cloudfront.net | - | High
+12 | [13.227.6.0](https://vuldb.com/?ip.13.227.6.0) | server-13-227-6-0.bog50.r.cloudfront.net | - | High
+13 | [13.227.16.0](https://vuldb.com/?ip.13.227.16.0) | server-13-227-16-0.bog50.r.cloudfront.net | - | High
+14 | [13.227.20.0](https://vuldb.com/?ip.13.227.20.0) | server-13-227-20-0.bog50.r.cloudfront.net | - | High
+15 | [13.227.24.0](https://vuldb.com/?ip.13.227.24.0) | server-13-227-24-0.bog50.r.cloudfront.net | - | High
+16 | [17.45.148.0](https://vuldb.com/?ip.17.45.148.0) | - | - | High
+17 | [17.45.170.111](https://vuldb.com/?ip.17.45.170.111) | - | - | High
+18 | [23.7.0.0](https://vuldb.com/?ip.23.7.0.0) | a23-7-0-0.deploy.static.akamaitechnologies.com | - | High
+19 | [23.7.64.0](https://vuldb.com/?ip.23.7.64.0) | a23-7-64-0.deploy.static.akamaitechnologies.com | - | High
+20 | [23.7.144.0](https://vuldb.com/?ip.23.7.144.0) | a23-7-144-0.deploy.static.akamaitechnologies.com | - | High
+21 | [23.9.48.0](https://vuldb.com/?ip.23.9.48.0) | a23-9-48-0.deploy.static.akamaitechnologies.com | - | High
+22 | [23.14.16.0](https://vuldb.com/?ip.23.14.16.0) | a23-14-16-0.deploy.static.akamaitechnologies.com | - | High
+23 | [23.14.32.0](https://vuldb.com/?ip.23.14.32.0) | a23-14-32-0.deploy.static.akamaitechnologies.com | - | High
+24 | [23.14.48.0](https://vuldb.com/?ip.23.14.48.0) | a23-14-48-0.deploy.static.akamaitechnologies.com | - | High
+25 | [23.14.80.0](https://vuldb.com/?ip.23.14.80.0) | a23-14-80-0.deploy.static.akamaitechnologies.com | - | High
+26 | [23.32.192.0](https://vuldb.com/?ip.23.32.192.0) | a23-32-192-0.deploy.static.akamaitechnologies.com | - | High
+27 | [23.32.208.0](https://vuldb.com/?ip.23.32.208.0) | a23-32-208-0.deploy.static.akamaitechnologies.com | - | High
+28 | [23.36.184.0](https://vuldb.com/?ip.23.36.184.0) | a23-36-184-0.deploy.static.akamaitechnologies.com | - | High
+29 | [23.46.2.0](https://vuldb.com/?ip.23.46.2.0) | a23-46-2-0.deploy.static.akamaitechnologies.com | - | High
+30 | [23.46.192.0](https://vuldb.com/?ip.23.46.192.0) | a23-46-192-0.deploy.static.akamaitechnologies.com | - | High
+31 | [23.52.112.0](https://vuldb.com/?ip.23.52.112.0) | a23-52-112-0.deploy.static.akamaitechnologies.com | - | High
+32 | [23.56.64.0](https://vuldb.com/?ip.23.56.64.0) | a23-56-64-0.deploy.static.akamaitechnologies.com | - | High
+33 | [23.61.2.0](https://vuldb.com/?ip.23.61.2.0) | a23-61-2-0.deploy.static.akamaitechnologies.com | - | High
+34 | [23.61.245.0](https://vuldb.com/?ip.23.61.245.0) | a23-61-245-0.deploy.static.akamaitechnologies.com | - | High
+35 | [23.61.247.0](https://vuldb.com/?ip.23.61.247.0) | a23-61-247-0.deploy.static.akamaitechnologies.com | - | High
+36 | [23.67.16.0](https://vuldb.com/?ip.23.67.16.0) | a23-67-16-0.deploy.static.akamaitechnologies.com | - | High
+37 | [23.213.192.0](https://vuldb.com/?ip.23.213.192.0) | a23-213-192-0.deploy.static.akamaitechnologies.com | - | High
+38 | [23.213.202.0](https://vuldb.com/?ip.23.213.202.0) | a23-213-202-0.deploy.static.akamaitechnologies.com | - | High
+39 | [23.219.48.0](https://vuldb.com/?ip.23.219.48.0) | a23-219-48-0.deploy.static.akamaitechnologies.com | - | High
+40 | [23.220.64.0](https://vuldb.com/?ip.23.220.64.0) | a23-220-64-0.deploy.static.akamaitechnologies.com | - | High
+41 | [23.232.253.0](https://vuldb.com/?ip.23.232.253.0) | - | - | High
+42 | [23.235.44.0](https://vuldb.com/?ip.23.235.44.0) | - | - | High
+43 | [24.152.56.0](https://vuldb.com/?ip.24.152.56.0) | - | - | High
+44 | [24.152.58.0](https://vuldb.com/?ip.24.152.58.0) | - | - | High
+45 | [32.59.72.0](https://vuldb.com/?ip.32.59.72.0) | - | - | High
+46 | [32.59.144.0](https://vuldb.com/?ip.32.59.144.0) | - | - | High
+47 | [32.59.147.0](https://vuldb.com/?ip.32.59.147.0) | - | - | High
+48 | [34.100.24.0](https://vuldb.com/?ip.34.100.24.0) | 0.24.100.34.bc.googleusercontent.com | - | Medium
+49 | [34.100.56.0](https://vuldb.com/?ip.34.100.56.0) | 0.56.100.34.bc.googleusercontent.com | - | Medium
+50 | [38.10.180.0](https://vuldb.com/?ip.38.10.180.0) | - | - | High
+51 | [38.229.54.0](https://vuldb.com/?ip.38.229.54.0) | - | - | High
+52 | [45.5.160.0](https://vuldb.com/?ip.45.5.160.0) | - | - | High
+53 | [45.5.172.0](https://vuldb.com/?ip.45.5.172.0) | - | - | High
+54 | [45.5.180.0](https://vuldb.com/?ip.45.5.180.0) | - | - | High
+55 | [45.5.184.0](https://vuldb.com/?ip.45.5.184.0) | - | - | High
+56 | [45.7.132.0](https://vuldb.com/?ip.45.7.132.0) | 45-7-132-0.ims-ipv4.com | - | High
+57 | [45.12.70.49](https://vuldb.com/?ip.45.12.70.49) | files-clock.get-eye.com | - | High
+58 | [45.12.71.49](https://vuldb.com/?ip.45.12.71.49) | - | - | High
+59 | [45.65.136.0](https://vuldb.com/?ip.45.65.136.0) | - | - | High
+60 | [45.65.200.0](https://vuldb.com/?ip.45.65.200.0) | - | - | High
+61 | [45.65.232.0](https://vuldb.com/?ip.45.65.232.0) | - | - | High
+62 | [45.70.168.0](https://vuldb.com/?ip.45.70.168.0) | - | - | High
+63 | [45.71.7.0](https://vuldb.com/?ip.45.71.7.0) | - | - | High
+64 | [45.71.180.0](https://vuldb.com/?ip.45.71.180.0) | - | - | High
+65 | [45.87.11.0](https://vuldb.com/?ip.45.87.11.0) | - | - | High
+66 | [45.87.117.0](https://vuldb.com/?ip.45.87.117.0) | - | - | High
+67 | [45.129.32.0](https://vuldb.com/?ip.45.129.32.0) | - | - | High
+68 | [45.131.162.0](https://vuldb.com/?ip.45.131.162.0) | - | - | High
+69 | [45.144.227.0](https://vuldb.com/?ip.45.144.227.0) | - | - | High
+70 | [45.162.0.0](https://vuldb.com/?ip.45.162.0.0) | - | - | High
+71 | [45.162.76.0](https://vuldb.com/?ip.45.162.76.0) | - | - | High
+72 | [45.162.82.0](https://vuldb.com/?ip.45.162.82.0) | 0-82-162-45.static-col.wifaocolombia.com | - | High
+73 | [45.162.84.0](https://vuldb.com/?ip.45.162.84.0) | 0-84-162-45.static-col.wifaocolombia.com | - | High
+74 | [45.162.126.0](https://vuldb.com/?ip.45.162.126.0) | - | - | High
+75 | [45.163.0.0](https://vuldb.com/?ip.45.163.0.0) | - | - | High
+76 | [45.163.28.0](https://vuldb.com/?ip.45.163.28.0) | - | - | High
+77 | [45.163.30.0](https://vuldb.com/?ip.45.163.30.0) | - | - | High
+78 | [45.167.124.0](https://vuldb.com/?ip.45.167.124.0) | - | - | High
+79 | [45.167.126.0](https://vuldb.com/?ip.45.167.126.0) | - | - | High
+80 | [45.167.248.0](https://vuldb.com/?ip.45.167.248.0) | - | - | High
+81 | [45.168.104.0](https://vuldb.com/?ip.45.168.104.0) | - | - | High
+82 | [45.169.98.0](https://vuldb.com/?ip.45.169.98.0) | rede-45.169.98.netcomunicaciones.com | - | High
+83 | [45.169.253.0](https://vuldb.com/?ip.45.169.253.0) | - | - | High
+84 | [45.170.124.0](https://vuldb.com/?ip.45.170.124.0) | - | - | High
+85 | [45.170.132.0](https://vuldb.com/?ip.45.170.132.0) | - | - | High
+86 | [45.170.240.0](https://vuldb.com/?ip.45.170.240.0) | - | - | High
+87 | [45.171.118.0](https://vuldb.com/?ip.45.171.118.0) | - | - | High
+88 | [45.171.180.0](https://vuldb.com/?ip.45.171.180.0) | - | - | High
+89 | [45.172.178.0](https://vuldb.com/?ip.45.172.178.0) | - | - | High
+90 | [45.172.184.0](https://vuldb.com/?ip.45.172.184.0) | - | - | High
+91 | [45.172.218.0](https://vuldb.com/?ip.45.172.218.0) | - | - | High
+92 | [45.172.222.0](https://vuldb.com/?ip.45.172.222.0) | - | - | High
+93 | [45.173.0.0](https://vuldb.com/?ip.45.173.0.0) | - | - | High
+94 | [45.173.4.0](https://vuldb.com/?ip.45.173.4.0) | 45-173-4-0.ims-ipv4.com | - | High
+95 | [45.173.8.0](https://vuldb.com/?ip.45.173.8.0) | mymnetworks.com | - | High
+96 | [45.173.12.0](https://vuldb.com/?ip.45.173.12.0) | - | - | High
+97 | [45.173.14.0](https://vuldb.com/?ip.45.173.14.0) | 45-173-14-0.tvisla.net.co | - | High
+98 | [45.173.44.0](https://vuldb.com/?ip.45.173.44.0) | 45-173-44-0.tvisla.net.co | - | High
+99 | [45.173.68.0](https://vuldb.com/?ip.45.173.68.0) | - | - | High
+100 | [45.174.196.0](https://vuldb.com/?ip.45.174.196.0) | - | - | High
+101 | [45.174.224.0](https://vuldb.com/?ip.45.174.224.0) | - | - | High
+102 | [45.174.227.0](https://vuldb.com/?ip.45.174.227.0) | - | - | High
+103 | [45.175.20.0](https://vuldb.com/?ip.45.175.20.0) | - | - | High
+104 | [45.175.139.0](https://vuldb.com/?ip.45.175.139.0) | - | - | High
+105 | [45.176.70.0](https://vuldb.com/?ip.45.176.70.0) | - | - | High
+106 | [45.176.193.0](https://vuldb.com/?ip.45.176.193.0) | - | - | High
+107 | [45.176.232.0](https://vuldb.com/?ip.45.176.232.0) | - | - | High
+108 | [45.177.52.0](https://vuldb.com/?ip.45.177.52.0) | - | - | High
+109 | [45.177.54.0](https://vuldb.com/?ip.45.177.54.0) | - | - | High
+110 | [45.177.108.0](https://vuldb.com/?ip.45.177.108.0) | 45-177-108-0.ims-ipv4.com | - | High
+111 | [45.178.4.0](https://vuldb.com/?ip.45.178.4.0) | hostedby.packetbunker.com | - | High
+112 | [45.178.12.0](https://vuldb.com/?ip.45.178.12.0) | - | - | High
+113 | [45.178.64.0](https://vuldb.com/?ip.45.178.64.0) | - | - | High
+114 | [45.179.160.0](https://vuldb.com/?ip.45.179.160.0) | - | - | High
+115 | [45.179.200.0](https://vuldb.com/?ip.45.179.200.0) | - | - | High
+116 | [45.179.244.0](https://vuldb.com/?ip.45.179.244.0) | - | - | High
+117 | [45.180.22.0](https://vuldb.com/?ip.45.180.22.0) | - | - | High
+118 | [45.180.44.0](https://vuldb.com/?ip.45.180.44.0) | - | - | High
+119 | [45.180.82.0](https://vuldb.com/?ip.45.180.82.0) | - | - | High
+120 | [45.180.112.0](https://vuldb.com/?ip.45.180.112.0) | - | - | High
+121 | [45.181.156.0](https://vuldb.com/?ip.45.181.156.0) | 45-181-156-0.odatacolocation.com.br | - | High
+122 | [45.181.188.0](https://vuldb.com/?ip.45.181.188.0) | - | - | High
+123 | [45.181.204.0](https://vuldb.com/?ip.45.181.204.0) | - | - | High
+124 | [45.182.41.0](https://vuldb.com/?ip.45.182.41.0) | - | - | High
+125 | [45.182.190.0](https://vuldb.com/?ip.45.182.190.0) | - | - | High
+126 | [45.183.40.0](https://vuldb.com/?ip.45.183.40.0) | - | - | High
+127 | [45.183.196.0](https://vuldb.com/?ip.45.183.196.0) | - | - | High
+128 | [45.183.247.0](https://vuldb.com/?ip.45.183.247.0) | 0.247.183.45.static.luma.cloud | - | High
+129 | [45.185.31.0](https://vuldb.com/?ip.45.185.31.0) | - | - | High
+130 | [45.187.48.0](https://vuldb.com/?ip.45.187.48.0) | - | - | High
+131 | [45.189.119.0](https://vuldb.com/?ip.45.189.119.0) | - | - | High
+132 | [45.189.235.0](https://vuldb.com/?ip.45.189.235.0) | 0.235.189.45.inttercom.net.co | - | High
+133 | [45.190.86.0](https://vuldb.com/?ip.45.190.86.0) | - | - | High
+134 | [45.191.0.0](https://vuldb.com/?ip.45.191.0.0) | 0.0.191.45.host.as64114.com | - | High
+135 | [45.191.2.0](https://vuldb.com/?ip.45.191.2.0) | 0.2.191.45.host.as64114.com | - | High
+136 | [45.191.44.0](https://vuldb.com/?ip.45.191.44.0) | - | - | High
+137 | [45.191.74.0](https://vuldb.com/?ip.45.191.74.0) | - | - | High
+138 | [45.191.232.0](https://vuldb.com/?ip.45.191.232.0) | - | - | High
+139 | [45.224.186.0](https://vuldb.com/?ip.45.224.186.0) | - | - | High
+140 | [45.225.224.0](https://vuldb.com/?ip.45.225.224.0) | - | - | High
+141 | [45.225.226.0](https://vuldb.com/?ip.45.225.226.0) | - | - | High
+142 | [45.226.112.0](https://vuldb.com/?ip.45.226.112.0) | - | - | High
+143 | [45.226.186.0](https://vuldb.com/?ip.45.226.186.0) | - | - | High
+144 | [45.227.5.0](https://vuldb.com/?ip.45.227.5.0) | - | - | High
+145 | [45.227.88.0](https://vuldb.com/?ip.45.227.88.0) | - | - | High
+146 | [45.229.72.0](https://vuldb.com/?ip.45.229.72.0) | - | - | High
+147 | [45.229.192.0](https://vuldb.com/?ip.45.229.192.0) | - | - | High
+148 | [45.230.33.0](https://vuldb.com/?ip.45.230.33.0) | - | - | High
+149 | [45.231.184.0](https://vuldb.com/?ip.45.231.184.0) | - | - | High
+150 | [45.233.4.0](https://vuldb.com/?ip.45.233.4.0) | - | - | High
+151 | [45.233.72.0](https://vuldb.com/?ip.45.233.72.0) | - | - | High
+152 | [45.233.168.0](https://vuldb.com/?ip.45.233.168.0) | - | - | High
+153 | [45.235.40.0](https://vuldb.com/?ip.45.235.40.0) | - | - | High
+154 | [45.237.36.0](https://vuldb.com/?ip.45.237.36.0) | - | - | High
+155 | [45.238.144.0](https://vuldb.com/?ip.45.238.144.0) | - | - | High
+156 | [45.238.180.0](https://vuldb.com/?ip.45.238.180.0) | - | - | High
+157 | [45.238.196.0](https://vuldb.com/?ip.45.238.196.0) | - | - | High
+158 | [45.239.88.0](https://vuldb.com/?ip.45.239.88.0) | - | - | High
+159 | [45.239.115.0](https://vuldb.com/?ip.45.239.115.0) | - | - | High
+160 | [50.7.48.0](https://vuldb.com/?ip.50.7.48.0) | - | - | High
+161 | [57.74.192.0](https://vuldb.com/?ip.57.74.192.0) | - | - | High
+162 | [63.163.180.0](https://vuldb.com/?ip.63.163.180.0) | - | - | High
+163 | [63.168.93.0](https://vuldb.com/?ip.63.168.93.0) | - | - | High
+164 | [63.174.200.0](https://vuldb.com/?ip.63.174.200.0) | - | - | High
+165 | [63.222.128.0](https://vuldb.com/?ip.63.222.128.0) | - | - | High
+166 | [63.245.64.0](https://vuldb.com/?ip.63.245.64.0) | - | - | High
+167 | [63.245.80.0](https://vuldb.com/?ip.63.245.80.0) | - | - | High
+168 | [63.245.96.0](https://vuldb.com/?ip.63.245.96.0) | - | - | High
+169 | [64.76.48.0](https://vuldb.com/?ip.64.76.48.0) | - | - | High
+170 | [64.76.56.0](https://vuldb.com/?ip.64.76.56.0) | - | - | High
+171 | [64.76.80.0](https://vuldb.com/?ip.64.76.80.0) | - | - | High
+172 | [64.76.88.0](https://vuldb.com/?ip.64.76.88.0) | - | - | High
+173 | [64.76.90.0](https://vuldb.com/?ip.64.76.90.0) | - | - | High
+174 | [64.76.112.0](https://vuldb.com/?ip.64.76.112.0) | c6476112-0.dynamic.impsat.com.co | - | High
+175 | [64.76.184.0](https://vuldb.com/?ip.64.76.184.0) | - | - | High
+176 | [64.76.188.0](https://vuldb.com/?ip.64.76.188.0) | - | - | High
+177 | [64.76.208.0](https://vuldb.com/?ip.64.76.208.0) | - | - | High
+178 | [64.86.224.0](https://vuldb.com/?ip.64.86.224.0) | - | - | High
+179 | [64.140.143.128](https://vuldb.com/?ip.64.140.143.128) | - | - | High
+180 | [64.191.220.0](https://vuldb.com/?ip.64.191.220.0) | - | - | High
+181 | [64.252.186.0](https://vuldb.com/?ip.64.252.186.0) | server-64-252-186-0.bog50.r.cloudfront.net | - | High
+182 | [65.167.48.0](https://vuldb.com/?ip.65.167.48.0) | - | - | High
+183 | [65.167.80.0](https://vuldb.com/?ip.65.167.80.0) | - | - | High
+184 | [65.168.52.0](https://vuldb.com/?ip.65.168.52.0) | - | - | High
+185 | [65.199.244.0](https://vuldb.com/?ip.65.199.244.0) | - | - | High
+186 | [65.208.64.0](https://vuldb.com/?ip.65.208.64.0) | - | - | High
+187 | [65.243.120.0](https://vuldb.com/?ip.65.243.120.0) | - | - | High
+188 | [65.247.206.0](https://vuldb.com/?ip.65.247.206.0) | - | - | High
+189 | [65.247.240.0](https://vuldb.com/?ip.65.247.240.0) | - | - | High
+190 | [65.247.244.0](https://vuldb.com/?ip.65.247.244.0) | - | - | High
+191 | [66.90.66.0](https://vuldb.com/?ip.66.90.66.0) | - | - | High
+192 | [66.90.82.0](https://vuldb.com/?ip.66.90.82.0) | - | - | High
+193 | [66.205.0.0](https://vuldb.com/?ip.66.205.0.0) | - | - | High
+194 | [66.231.64.0](https://vuldb.com/?ip.66.231.64.0) | host-66-231-64-0.telecu.es | - | High
+195 | [66.231.68.0](https://vuldb.com/?ip.66.231.68.0) | - | - | High
+196 | [67.73.152.0](https://vuldb.com/?ip.67.73.152.0) | - | - | High
+197 | [67.73.184.0](https://vuldb.com/?ip.67.73.184.0) | - | - | High
+198 | [67.73.224.0](https://vuldb.com/?ip.67.73.224.0) | - | - | High
+199 | [67.73.240.0](https://vuldb.com/?ip.67.73.240.0) | - | - | High
+200 | [67.73.248.0](https://vuldb.com/?ip.67.73.248.0) | - | - | High
+201 | [67.73.252.0](https://vuldb.com/?ip.67.73.252.0) | - | - | High
+202 | [69.42.114.0](https://vuldb.com/?ip.69.42.114.0) | - | - | High
+203 | [69.174.45.32](https://vuldb.com/?ip.69.174.45.32) | ns1648.ztomy.com | - | High
+204 | [69.195.210.0](https://vuldb.com/?ip.69.195.210.0) | - | - | High
+205 | [69.195.211.0](https://vuldb.com/?ip.69.195.211.0) | - | - | High
+206 | [70.35.154.0](https://vuldb.com/?ip.70.35.154.0) | - | - | High
+207 | [70.35.156.0](https://vuldb.com/?ip.70.35.156.0) | - | - | High
+208 | [70.35.159.0](https://vuldb.com/?ip.70.35.159.0) | - | - | High
+209 | [72.46.230.0](https://vuldb.com/?ip.72.46.230.0) | - | - | High
+210 | [72.246.48.0](https://vuldb.com/?ip.72.246.48.0) | a72-246-48-0.deploy.static.akamaitechnologies.com | - | High
+211 | [72.246.208.0](https://vuldb.com/?ip.72.246.208.0) | a72-246-208-0.deploy.static.akamaitechnologies.com | - | High
+212 | [81.173.106.120](https://vuldb.com/?ip.81.173.106.120) | - | - | High
+213 | [82.195.173.245](https://vuldb.com/?ip.82.195.173.245) | - | - | High
+214 | [87.120.106.0](https://vuldb.com/?ip.87.120.106.0) | - | - | High
+215 | [89.249.56.0](https://vuldb.com/?ip.89.249.56.0) | - | - | High
+216 | [91.195.110.0](https://vuldb.com/?ip.91.195.110.0) | - | - | High
+217 | [92.122.210.0](https://vuldb.com/?ip.92.122.210.0) | a92-122-210-0.deploy.static.akamaitechnologies.com | - | High
+218 | [92.123.240.0](https://vuldb.com/?ip.92.123.240.0) | a92-123-240-0.deploy.static.akamaitechnologies.com | - | High
+219 | [95.100.87.0](https://vuldb.com/?ip.95.100.87.0) | a95-100-87-0.deploy.static.akamaitechnologies.com | - | High
+220 | [95.101.29.0](https://vuldb.com/?ip.95.101.29.0) | a95-101-29-0.deploy.static.akamaitechnologies.com | - | High
+221 | [96.7.0.0](https://vuldb.com/?ip.96.7.0.0) | a96-7-0-0.deploy.static.akamaitechnologies.com | - | High
+222 | [102.38.230.0](https://vuldb.com/?ip.102.38.230.0) | - | - | High
+223 | [104.75.170.0](https://vuldb.com/?ip.104.75.170.0) | a104-75-170-0.deploy.static.akamaitechnologies.com | - | High
+224 | [104.77.198.0](https://vuldb.com/?ip.104.77.198.0) | a104-77-198-0.deploy.static.akamaitechnologies.com | - | High
+225 | [104.77.200.0](https://vuldb.com/?ip.104.77.200.0) | a104-77-200-0.deploy.static.akamaitechnologies.com | - | High
+226 | ... | ... | ... | ...
 
-There are 644 more IOC items available. Please use our online service to access the data.
+There are 902 more IOC items available. Please use our online service to access the data.
 
 ## TTP - Tactics, Techniques, Procedures
 
@@ -192,11 +256,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
-2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
-3 | T1055 | CWE-74 | Injection | High
-4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
-5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
+2 | T1055 | CWE-74 | Injection | High
+3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
+4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
 6 | ... | ... | ... | ...
 
 There are 19 more TTP items available. Please use our online service to access the data.
@@ -213,68 +277,76 @@ ID | Type | Indicator | Confidence
 4 | File | `/admin/addemployee.php` | High
 5 | File | `/admin/api/admin/articles/` | High
 6 | File | `/Admin/login.php` | High
-7 | File | `/admin/showbad.php` | High
-8 | File | `/anony/mjpg.cgi` | High
+7 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
+8 | File | `/adms/admin/?page=vehicles/view_transaction` | High
 9 | File | `/apilog.php` | Medium
-10 | File | `/cgi-bin/wlogin.cgi` | High
-11 | File | `/connectors/index.php` | High
-12 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
-13 | File | `/face-recognition-php/facepay-master/camera.php` | High
-14 | File | `/forum/away.php` | High
-15 | File | `/hrm/employeeadd.php` | High
-16 | File | `/hrm/employeeview.php` | High
-17 | File | `/index.php` | Medium
-18 | File | `/items/view_item.php` | High
-19 | File | `/jsoa/hntdCustomDesktopActionContent` | High
-20 | File | `/lookin/info` | Medium
-21 | File | `/manager/index.php` | High
-22 | File | `/medical/inventories.php` | High
-23 | File | `/mkshop/Men/profile.php` | High
-24 | File | `/mobile/downloadfile.aspx` | High
-25 | File | `/modules/profile/index.php` | High
-26 | File | `/modules/projects/vw_files.php` | High
-27 | File | `/modules/public/calendar.php` | High
-28 | File | `/net/nfc/netlink.c` | High
-29 | File | `/newsDia.php` | Medium
-30 | File | `/out.php` | Medium
-31 | File | `/outgoing.php` | High
-32 | File | `/proxy` | Low
-33 | File | `/public/launchNewWindow.jsp` | High
-34 | File | `/Redcock-Farm/farm/category.php` | High
-35 | File | `/reports/rwservlet` | High
-36 | File | `/sacco_shield/manage_user.php` | High
-37 | File | `/spip.php` | Medium
-38 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
-39 | File | `/staff/bookdetails.php` | High
-40 | File | `/staff/delete.php` | High
-41 | File | `/user/update_booking.php` | High
-42 | File | `/WEB-INF/web.xml` | High
-43 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
-44 | File | `/wordpress/wp-admin/options-general.php` | High
-45 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
-46 | File | `AbstractScheduleJob.java` | High
-47 | File | `actionphp/download.File.php` | High
-48 | File | `adclick.php` | Medium
-49 | File | `addtocart.asp` | High
-50 | File | `admin.jcomments.php` | High
-51 | File | `admin.php` | Medium
-52 | File | `admin/conf_users_edit.php` | High
-53 | File | `admin/panels/entry/admin.entry.list.php` | High
-54 | File | `admin/panels/uploader/admin.uploader.php` | High
-55 | File | `admincp.php` | Medium
-56 | File | `admincp/search.php?do=dosearch` | High
-57 | File | `administers` | Medium
-58 | File | `admin_feature.php` | High
-59 | File | `afr.php` | Low
-60 | ... | ... | ...
+10 | File | `/APR/login.php` | High
+11 | File | `/bin/httpd` | Medium
+12 | File | `/cgi-bin/wapopen` | High
+13 | File | `/cgi-bin/webadminget.cgi` | High
+14 | File | `/cgi-bin/wlogin.cgi` | High
+15 | File | `/connectors/index.php` | High
+16 | File | `/dev/block/mmcblk0rpmb` | High
+17 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
+18 | File | `/face-recognition-php/facepay-master/camera.php` | High
+19 | File | `/forum/away.php` | High
+20 | File | `/fos/admin/ajax.php?action=login` | High
+21 | File | `/fos/admin/index.php?page=menu` | High
+22 | File | `/home/masterConsole` | High
+23 | File | `/home/sendBroadcast` | High
+24 | File | `/hrm/employeeadd.php` | High
+25 | File | `/hrm/employeeview.php` | High
+26 | File | `/index.php` | Medium
+27 | File | `/items/view_item.php` | High
+28 | File | `/jsoa/hntdCustomDesktopActionContent` | High
+29 | File | `/lookin/info` | Medium
+30 | File | `/manager/index.php` | High
+31 | File | `/medical/inventories.php` | High
+32 | File | `/modules/profile/index.php` | High
+33 | File | `/modules/projects/vw_files.php` | High
+34 | File | `/modules/public/calendar.php` | High
+35 | File | `/mygym/admin/index.php?view_exercises` | High
+36 | File | `/net/nfc/netlink.c` | High
+37 | File | `/newsDia.php` | Medium
+38 | File | `/out.php` | Medium
+39 | File | `/php-fusion/infusions/shoutbox_panel/shoutbox_archive.php` | High
+40 | File | `/php-opos/index.php` | High
+41 | File | `/proxy` | Low
+42 | File | `/public/launchNewWindow.jsp` | High
+43 | File | `/Redcock-Farm/farm/category.php` | High
+44 | File | `/reports/rwservlet` | High
+45 | File | `/sacco_shield/manage_user.php` | High
+46 | File | `/spip.php` | Medium
+47 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
+48 | File | `/staff/bookdetails.php` | High
+49 | File | `/staff/delete.php` | High
+50 | File | `/uncpath/` | Medium
+51 | File | `/user/update_booking.php` | High
+52 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
+53 | File | `/wireless/security.asp` | High
+54 | File | `/wordpress/wp-admin/options-general.php` | High
+55 | File | `01article.php` | High
+56 | File | `AbstractScheduleJob.java` | High
+57 | File | `actionphp/download.File.php` | High
+58 | File | `activenews_view.asp` | High
+59 | File | `adclick.php` | Medium
+60 | File | `addtocart.asp` | High
+61 | File | `admin.php` | Medium
+62 | File | `admin/?page=students/view_student` | High
+63 | File | `admin/abc.php` | High
+64 | File | `admin/admin.php?action=users&mode=info&user=2` | High
+65 | File | `admin/admin/adminsave.html` | High
+66 | File | `admin/conf_users_edit.php` | High
+67 | ... | ... | ...
 
-There are 525 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 590 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 
 The following list contains _external sources_ which discuss the actor and the associated activities:
 
 * https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_co.netset
+* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_co.netset
 
 ## Literature
 

actors/Comnie/README.md

@@ -31,7 +31,7 @@ ID | Technique | Weakness | Description | Confidence
 3 | T1059.007 | CWE-79 | Cross Site Scripting | High
 4 | ... | ... | ... | ...
 
-There are 5 more TTP items available. Please use our online service to access the data.
+There are 6 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -41,10 +41,10 @@ ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/index.php` | Medium
 2 | File | `/webhooks/aws` | High
-3 | File | `clearhistory.jsp` | High
+3 | File | `cgi-bin/awstats.pl` | High
 4 | ... | ... | ...
 
-There are 20 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 22 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Comoros Unknown/README.md

@@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Comoros Unknown:
 
 * [US](https://vuldb.com/?country.us)
-* [ES](https://vuldb.com/?country.es)
 * [FR](https://vuldb.com/?country.fr)
+* [ES](https://vuldb.com/?country.es)
 * ...
 
-There are 14 more country items available. Please use our online service to access the data.
+There are 15 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -23,11 +23,12 @@ ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
 1 | [5.62.60.96](https://vuldb.com/?ip.5.62.60.96) | r-96-60-62-5.consumer-pool.prcdn.net | - | High
 2 | [5.62.62.92](https://vuldb.com/?ip.5.62.62.92) | r-92-62-62-5.consumer-pool.prcdn.net | - | High
-3 | [41.194.33.0](https://vuldb.com/?ip.41.194.33.0) | - | - | High
-4 | [45.12.70.120](https://vuldb.com/?ip.45.12.70.120) | secon-mean.yourbandinc.com | - | High
-5 | ... | ... | ... | ...
+3 | [41.194.32.0](https://vuldb.com/?ip.41.194.32.0) | - | - | High
+4 | [41.194.33.0](https://vuldb.com/?ip.41.194.33.0) | - | - | High
+5 | [45.12.70.120](https://vuldb.com/?ip.45.12.70.120) | secon-mean.yourbandinc.com | - | High
+6 | ... | ... | ... | ...
 
-There are 14 more IOC items available. Please use our online service to access the data.
+There are 18 more IOC items available. Please use our online service to access the data.
 
 ## TTP - Tactics, Techniques, Procedures
 
@@ -52,44 +53,46 @@ ID | Type | Indicator | Confidence
 2 | File | `/acms/admin/cargo_types/manage_cargo_type.php` | High
 3 | File | `/admin/ajax/avatar.php` | High
 4 | File | `/admin/index.php` | High
-5 | File | `/admin/payment.php` | High
-6 | File | `/admin/show.php` | High
-7 | File | `/cgi-bin/kerbynet` | High
-8 | File | `/default.php?idx=17` | High
-9 | File | `/download` | Medium
-10 | File | `/forum/away.php` | High
-11 | File | `/index.php` | Medium
-12 | File | `/opt/bin/cli` | Medium
-13 | File | `/p` | Low
-14 | File | `/patient/doctors.php` | High
-15 | File | `/phpinventory/editcategory.php` | High
-16 | File | `/product-list.php` | High
-17 | File | `/spip.php` | Medium
-18 | File | `/uncpath/` | Medium
-19 | File | `/updown/upload.cgi` | High
-20 | File | `/user/del.php` | High
-21 | File | `/_next` | Low
-22 | File | `123flashchat.php` | High
-23 | File | `act.php` | Low
-24 | File | `admin/bad.php` | High
-25 | File | `admin/index.php` | High
-26 | File | `admin/index.php/user/del/1` | High
-27 | File | `admin/index.php?id=themes&action=edit_chunk` | High
-28 | File | `administrator/index.php` | High
-29 | File | `ajax/render/widget_php` | High
-30 | File | `album_portal.php` | High
-31 | File | `api.php` | Low
-32 | File | `application/home/controller/debug.php` | High
-33 | File | `articulo.php` | Medium
-34 | ... | ... | ...
+5 | File | `/admin/lab.php` | High
+6 | File | `/admin/payment.php` | High
+7 | File | `/admin/show.php` | High
+8 | File | `/cgi-bin/kerbynet` | High
+9 | File | `/default.php?idx=17` | High
+10 | File | `/download` | Medium
+11 | File | `/forum/away.php` | High
+12 | File | `/index.php` | Medium
+13 | File | `/opt/bin/cli` | Medium
+14 | File | `/p` | Low
+15 | File | `/patient/doctors.php` | High
+16 | File | `/phpinventory/editcategory.php` | High
+17 | File | `/product-list.php` | High
+18 | File | `/spip.php` | Medium
+19 | File | `/uncpath/` | Medium
+20 | File | `/updown/upload.cgi` | High
+21 | File | `/user/del.php` | High
+22 | File | `/_next` | Low
+23 | File | `123flashchat.php` | High
+24 | File | `act.php` | Low
+25 | File | `admin/bad.php` | High
+26 | File | `admin/index.php` | High
+27 | File | `admin/index.php/user/del/1` | High
+28 | File | `admin/index.php?id=themes&action=edit_chunk` | High
+29 | File | `administrator/index.php` | High
+30 | File | `ajax/render/widget_php` | High
+31 | File | `album_portal.php` | High
+32 | File | `api.php` | Low
+33 | File | `application/home/controller/debug.php` | High
+34 | File | `articulo.php` | Medium
+35 | ... | ... | ...
 
-There are 291 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 298 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 
 The following list contains _external sources_ which discuss the actor and the associated activities:
 
 * https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_km.netset
+* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_km.netset
 
 ## Literature
 

actors/Confucius/README.md

@@ -63,66 +63,68 @@ ID | Type | Indicator | Confidence
 1 | File | `.github/workflows/combine-prs.yml` | High
 2 | File | `/Admin/add-student.php` | High
 3 | File | `/admin/api/admin/articles/` | High
-4 | File | `/admin/conferences/list/` | High
-5 | File | `/Admin/login.php` | High
-6 | File | `/admin/showbad.php` | High
-7 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
-8 | File | `/adms/admin/?page=vehicles/view_transaction` | High
-9 | File | `/apilog.php` | Medium
-10 | File | `/APR/login.php` | High
-11 | File | `/bin/httpd` | Medium
-12 | File | `/cgi-bin/wapopen` | High
-13 | File | `/cgi-bin/wlogin.cgi` | High
-14 | File | `/connectors/index.php` | High
-15 | File | `/dev/block/mmcblk0rpmb` | High
-16 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
-17 | File | `/face-recognition-php/facepay-master/camera.php` | High
-18 | File | `/forum/away.php` | High
-19 | File | `/fos/admin/ajax.php?action=login` | High
-20 | File | `/fos/admin/index.php?page=menu` | High
-21 | File | `/home/masterConsole` | High
-22 | File | `/home/sendBroadcast` | High
-23 | File | `/hrm/employeeadd.php` | High
-24 | File | `/hrm/employeeview.php` | High
-25 | File | `/index.php` | Medium
-26 | File | `/items/view_item.php` | High
-27 | File | `/jsoa/hntdCustomDesktopActionContent` | High
-28 | File | `/lookin/info` | Medium
-29 | File | `/manager/index.php` | High
-30 | File | `/medical/inventories.php` | High
-31 | File | `/modules/profile/index.php` | High
-32 | File | `/modules/projects/vw_files.php` | High
-33 | File | `/modules/public/calendar.php` | High
-34 | File | `/mygym/admin/index.php?view_exercises` | High
-35 | File | `/newsDia.php` | Medium
-36 | File | `/out.php` | Medium
-37 | File | `/php-opos/index.php` | High
-38 | File | `/proxy` | Low
-39 | File | `/public/launchNewWindow.jsp` | High
-40 | File | `/Redcock-Farm/farm/category.php` | High
-41 | File | `/reports/rwservlet` | High
-42 | File | `/sacco_shield/manage_user.php` | High
-43 | File | `/spip.php` | Medium
-44 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
-45 | File | `/staff/bookdetails.php` | High
-46 | File | `/uncpath/` | Medium
-47 | File | `/user/update_booking.php` | High
-48 | File | `/WEB-INF/web.xml` | High
-49 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
-50 | File | `/wireless/security.asp` | High
-51 | File | `/wordpress/wp-admin/options-general.php` | High
-52 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
-53 | File | `01article.php` | High
-54 | File | `AbstractScheduleJob.java` | High
-55 | File | `actionphp/download.File.php` | High
+4 | File | `/Admin/login.php` | High
+5 | File | `/admin/showbad.php` | High
+6 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
+7 | File | `/adms/admin/?page=vehicles/view_transaction` | High
+8 | File | `/apilog.php` | Medium
+9 | File | `/APR/login.php` | High
+10 | File | `/bin/httpd` | Medium
+11 | File | `/cgi-bin/wapopen` | High
+12 | File | `/cgi-bin/wlogin.cgi` | High
+13 | File | `/connectors/index.php` | High
+14 | File | `/dev/block/mmcblk0rpmb` | High
+15 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
+16 | File | `/face-recognition-php/facepay-master/camera.php` | High
+17 | File | `/forum/away.php` | High
+18 | File | `/fos/admin/ajax.php?action=login` | High
+19 | File | `/fos/admin/index.php?page=menu` | High
+20 | File | `/home/masterConsole` | High
+21 | File | `/home/sendBroadcast` | High
+22 | File | `/hrm/employeeadd.php` | High
+23 | File | `/hrm/employeeview.php` | High
+24 | File | `/index.php` | Medium
+25 | File | `/items/view_item.php` | High
+26 | File | `/jsoa/hntdCustomDesktopActionContent` | High
+27 | File | `/lookin/info` | Medium
+28 | File | `/manager/index.php` | High
+29 | File | `/medical/inventories.php` | High
+30 | File | `/modules/profile/index.php` | High
+31 | File | `/modules/projects/vw_files.php` | High
+32 | File | `/modules/public/calendar.php` | High
+33 | File | `/mygym/admin/index.php?view_exercises` | High
+34 | File | `/newsDia.php` | Medium
+35 | File | `/out.php` | Medium
+36 | File | `/php-opos/index.php` | High
+37 | File | `/proxy` | Low
+38 | File | `/public/launchNewWindow.jsp` | High
+39 | File | `/Redcock-Farm/farm/category.php` | High
+40 | File | `/reports/rwservlet` | High
+41 | File | `/sacco_shield/manage_user.php` | High
+42 | File | `/spip.php` | Medium
+43 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
+44 | File | `/staff/bookdetails.php` | High
+45 | File | `/uncpath/` | Medium
+46 | File | `/user/update_booking.php` | High
+47 | File | `/WEB-INF/web.xml` | High
+48 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
+49 | File | `/wireless/security.asp` | High
+50 | File | `/wordpress/wp-admin/options-general.php` | High
+51 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
+52 | File | `01article.php` | High
+53 | File | `AbstractScheduleJob.java` | High
+54 | File | `actionphp/download.File.php` | High
+55 | File | `activenews_view.asp` | High
 56 | File | `adclick.php` | Medium
 57 | File | `addtocart.asp` | High
 58 | File | `admin.php` | Medium
 59 | File | `admin/abc.php` | High
 60 | File | `admin/admin.php?action=users&mode=info&user=2` | High
-61 | ... | ... | ...
+61 | File | `admin/admin/adminsave.html` | High
+62 | File | `admin/conf_users_edit.php` | High
+63 | ... | ... | ...
 
-There are 531 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 553 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Congo Republic Unknown/README.md

@@ -8,12 +8,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Congo Republic Unknown:
 
-* [US](https://vuldb.com/?country.us)
 * [FR](https://vuldb.com/?country.fr)
-* [ES](https://vuldb.com/?country.es)
-* ...
-
-There are 17 more country items available. Please use our online service to access the data.
+* [US](https://vuldb.com/?country.us)
 
 ## IOC - Indicator of Compromise
 
@@ -23,16 +19,36 @@ ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
 1 | [5.62.61.100](https://vuldb.com/?ip.5.62.61.100) | r-100-61-62-5.consumer-pool.prcdn.net | - | High
 2 | [5.62.63.76](https://vuldb.com/?ip.5.62.63.76) | r-76-63-62-5.consumer-pool.prcdn.net | - | High
-3 | [41.75.64.0](https://vuldb.com/?ip.41.75.64.0) | - | - | High
-4 | [41.190.72.0](https://vuldb.com/?ip.41.190.72.0) | - | - | High
-5 | [41.194.71.0](https://vuldb.com/?ip.41.194.71.0) | - | - | High
-6 | [41.194.74.0](https://vuldb.com/?ip.41.194.74.0) | - | - | High
-7 | [41.207.121.0](https://vuldb.com/?ip.41.207.121.0) | - | - | High
-8 | [41.207.125.0](https://vuldb.com/?ip.41.207.125.0) | - | - | High
-9 | [41.223.88.0](https://vuldb.com/?ip.41.223.88.0) | - | - | High
-10 | ... | ... | ... | ...
+3 | [5.175.77.0](https://vuldb.com/?ip.5.175.77.0) | - | - | High
+4 | [31.209.128.0](https://vuldb.com/?ip.31.209.128.0) | 0.128.209.31.as43256.net | - | High
+5 | [31.209.130.0](https://vuldb.com/?ip.31.209.130.0) | 0.130.209.31.as43256.net | - | High
+6 | [31.209.132.0](https://vuldb.com/?ip.31.209.132.0) | 0.132.209.31.as43256.net | - | High
+7 | [41.60.24.0](https://vuldb.com/?ip.41.60.24.0) | - | - | High
+8 | [41.60.212.0](https://vuldb.com/?ip.41.60.212.0) | - | - | High
+9 | [41.75.64.0](https://vuldb.com/?ip.41.75.64.0) | - | - | High
+10 | [41.77.220.0](https://vuldb.com/?ip.41.77.220.0) | - | - | High
+11 | [41.78.192.0](https://vuldb.com/?ip.41.78.192.0) | - | - | High
+12 | [41.79.232.0](https://vuldb.com/?ip.41.79.232.0) | - | - | High
+13 | [41.79.234.0](https://vuldb.com/?ip.41.79.234.0) | - | - | High
+14 | [41.189.192.0](https://vuldb.com/?ip.41.189.192.0) | - | - | High
+15 | [41.190.72.0](https://vuldb.com/?ip.41.190.72.0) | - | - | High
+16 | [41.190.80.0](https://vuldb.com/?ip.41.190.80.0) | - | - | High
+17 | [41.190.232.0](https://vuldb.com/?ip.41.190.232.0) | - | - | High
+18 | [41.194.60.0](https://vuldb.com/?ip.41.194.60.0) | - | - | High
+19 | [41.194.71.0](https://vuldb.com/?ip.41.194.71.0) | - | - | High
+20 | [41.194.74.0](https://vuldb.com/?ip.41.194.74.0) | - | - | High
+21 | [41.197.47.0](https://vuldb.com/?ip.41.197.47.0) | - | - | High
+22 | [41.207.115.0](https://vuldb.com/?ip.41.207.115.0) | - | - | High
+23 | [41.207.121.0](https://vuldb.com/?ip.41.207.121.0) | - | - | High
+24 | [41.207.125.0](https://vuldb.com/?ip.41.207.125.0) | - | - | High
+25 | [41.215.252.0](https://vuldb.com/?ip.41.215.252.0) | - | - | High
+26 | [41.218.109.0](https://vuldb.com/?ip.41.218.109.0) | - | - | High
+27 | [41.221.218.0](https://vuldb.com/?ip.41.221.218.0) | - | - | High
+28 | [41.222.196.0](https://vuldb.com/?ip.41.222.196.0) | 0-196-222-41.r.airtel.cd | - | High
+29 | [41.222.216.0](https://vuldb.com/?ip.41.222.216.0) | - | - | High
+30 | ... | ... | ... | ...
 
-There are 36 more IOC items available. Please use our online service to access the data.
+There are 117 more IOC items available. Please use our online service to access the data.
 
 ## TTP - Tactics, Techniques, Procedures
 
@@ -40,59 +56,16 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
-2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
-3 | T1055 | CWE-74 | Injection | High
-4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
-5 | ... | ... | ... | ...
-
-There are 14 more TTP items available. Please use our online service to access the data.
-
-## IOA - Indicator of Attack
-
-These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Congo Republic Unknown. This data is unique as it uses our predictive model for actor profiling.
-
-ID | Type | Indicator | Confidence
--- | ---- | --------- | ----------
-1 | File | `.htaccess` | Medium
-2 | File | `/+CSCOE+/logon.html` | High
-3 | File | `/acms/admin/cargo_types/view_cargo_type.php` | High
-4 | File | `/admin/addemployee.php` | High
-5 | File | `/admin/index.php` | High
-6 | File | `/apilog.php` | Medium
-7 | File | `/appliance/users?action=edit` | High
-8 | File | `/filemanager/upload.php` | High
-9 | File | `/forum/away.php` | High
-10 | File | `/if.cgi` | Low
-11 | File | `/mifs/c/i/reg/reg.html` | High
-12 | File | `/modules/profile/index.php` | High
-13 | File | `/news.dtl.php` | High
-14 | File | `/php_action/createUser.php` | High
-15 | File | `/see_more_details.php` | High
-16 | File | `/services/details.asp` | High
-17 | File | `/setup` | Low
-18 | File | `/spip.php` | Medium
-19 | File | `/uncpath/` | Medium
-20 | File | `/var/log/nginx` | High
-21 | File | `/VPortal/mgtconsole/Subscriptions.jsp` | High
-22 | File | `/wp-content/plugins/updraftplus/admin.php` | High
-23 | File | `act.php` | Low
-24 | File | `adclick.php` | Medium
-25 | File | `admin` | Low
-26 | File | `admin.php` | Medium
-27 | File | `admin/adminsignin.html` | High
-28 | File | `admin/movieview.php` | High
-29 | File | `admin/notices/perso.inc.php` | High
-30 | File | `admin/versions.html` | High
-31 | ... | ... | ...
-
-There are 261 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+1 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
+2 | T1552 | CWE-640 | ASP.NET Misconfiguration: Password in Configuration File | High
+3 | T1592 | CWE-200 | Configuration | High
 
 ## References
 
 The following list contains _external sources_ which discuss the actor and the associated activities:
 
 * https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_cg.netset
+* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_cd.netset
 
 ## Literature
 

actors/Conti/README.md

@@ -525,13 +525,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-28 | Pathname Traversal | High
-2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
+2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
 4 | T1059 | CWE-94 | Cross Site Scripting | High
 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 6 | ... | ... | ... | ...
 
-There are 22 more TTP items available. Please use our online service to access the data.
+There are 21 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -546,42 +546,42 @@ ID | Type | Indicator | Confidence
 5 | File | `/admin/add-new.php` | High
 6 | File | `/admin/doctors.php` | High
 7 | File | `/admin/submit-articles` | High
-8 | File | `/admin/subnets/ripe-query.php` | High
-9 | File | `/alphaware/summary.php` | High
+8 | File | `/alphaware/summary.php` | High
+9 | File | `/api/` | Low
 10 | File | `/appliance/users?action=edit` | High
 11 | File | `/apply.cgi` | Medium
 12 | File | `/attachments` | Medium
 13 | File | `/backup.pl` | Medium
 14 | File | `/boat/login.php` | High
 15 | File | `/bsms_ci/index.php/book` | High
-16 | File | `/context/%2e/WEB-INF/web.xml` | High
-17 | File | `/debug/pprof` | Medium
-18 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
-19 | File | `/edoc/doctor/patient.php` | High
-20 | File | `/etc/hosts` | Medium
-21 | File | `/etc/ldap.conf` | High
-22 | File | `/etc/quagga` | Medium
-23 | File | `/etc/shadow` | Medium
-24 | File | `/event/admin/?page=user/list` | High
-25 | File | `/foms/place-order.php` | High
-26 | File | `/forum/away.php` | High
-27 | File | `/h/calendar` | Medium
-28 | File | `/hardware` | Medium
-29 | File | `/index.php` | Medium
-30 | File | `/medicines/profile.php` | High
-31 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
-32 | File | `/out.php` | Medium
-33 | File | `/php-scrm/login.php` | High
-34 | File | `/proxy` | Low
-35 | File | `/reservation/add_message.php` | High
-36 | File | `/reviewer_0/admins/assessments/pretest/questions-view.php` | High
-37 | File | `/spip.php` | Medium
-38 | File | `/tmp` | Low
-39 | File | `/uncpath/` | Medium
-40 | File | `/user/loader.php?api=1` | High
-41 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
-42 | File | `/video-sharing-script/watch-video.php` | High
-43 | File | `/wp-admin/admin-ajax.php` | High
+16 | File | `/debug/pprof` | Medium
+17 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
+18 | File | `/edoc/doctor/patient.php` | High
+19 | File | `/etc/hosts` | Medium
+20 | File | `/etc/ldap.conf` | High
+21 | File | `/etc/quagga` | Medium
+22 | File | `/etc/shadow` | Medium
+23 | File | `/event/admin/?page=user/list` | High
+24 | File | `/forum/away.php` | High
+25 | File | `/hardware` | Medium
+26 | File | `/index.php` | Medium
+27 | File | `/medicines/profile.php` | High
+28 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
+29 | File | `/out.php` | Medium
+30 | File | `/php-scrm/login.php` | High
+31 | File | `/proxy` | Low
+32 | File | `/reservation/add_message.php` | High
+33 | File | `/reviewer_0/admins/assessments/pretest/questions-view.php` | High
+34 | File | `/Session` | Medium
+35 | File | `/spip.php` | Medium
+36 | File | `/tmp` | Low
+37 | File | `/uncpath/` | Medium
+38 | File | `/user/loader.php?api=1` | High
+39 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
+40 | File | `/video-sharing-script/watch-video.php` | High
+41 | File | `/wireless/security.asp` | High
+42 | File | `/wp-admin/admin-ajax.php` | High
+43 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
 44 | ... | ... | ...
 
 There are 381 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

actors/Cook Islands Unknown/README.md

@@ -23,10 +23,10 @@ ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
 1 | [5.62.56.64](https://vuldb.com/?ip.5.62.56.64) | r-64-56-62-5.consumer-pool.prcdn.net | - | High
 2 | [5.62.58.60](https://vuldb.com/?ip.5.62.58.60) | r-60-58-62-5.consumer-pool.prcdn.net | - | High
-3 | [45.12.70.45](https://vuldb.com/?ip.45.12.70.45) | earns.get-eye.com | - | High
+3 | [14.137.40.0](https://vuldb.com/?ip.14.137.40.0) | - | - | High
 4 | ... | ... | ... | ...
 
-There are 9 more IOC items available. Please use our online service to access the data.
+There are 10 more IOC items available. Please use our online service to access the data.
 
 ## TTP - Tactics, Techniques, Procedures
 
@@ -91,16 +91,17 @@ ID | Type | Indicator | Confidence
 41 | File | `admin/param/param_func.inc.php` | High
 42 | File | `admin/y_admin.asp` | High
 43 | File | `adminer.php` | Medium
-44 | File | `administrator/components/com_media/helpers/media.php` | High
-45 | File | `admin_ok.asp` | Medium
-46 | File | `app/Core/Paginator.php` | High
-47 | File | `app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1` | High
-48 | File | `artlinks.dispnew.php` | High
-49 | File | `auth.php` | Medium
-50 | File | `bin/named/query.c` | High
-51 | File | `blank.php` | Medium
-52 | File | `blocklayered-ajax.php` | High
-53 | ... | ... | ...
+44 | File | `administration/admins.php` | High
+45 | File | `administrator/components/com_media/helpers/media.php` | High
+46 | File | `admin_ok.asp` | Medium
+47 | File | `app/Core/Paginator.php` | High
+48 | File | `app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1` | High
+49 | File | `artlinks.dispnew.php` | High
+50 | File | `auth.php` | Medium
+51 | File | `bin/named/query.c` | High
+52 | File | `blank.php` | Medium
+53 | File | `blocklayered-ajax.php` | High
+54 | ... | ... | ...
 
 There are 466 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
@@ -109,6 +110,7 @@ There are 466 more IOA items available (file, library, argument, input value, pa
 The following list contains _external sources_ which discuss the actor and the associated activities:
 
 * https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_ck.netset
+* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_ck.netset
 
 ## Literature
 

actors/CoolWebSearch/README.md

@@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [VN](https://vuldb.com/?country.vn)
 * ...
 
-There are 9 more country items available. Please use our online service to access the data.
+There are 10 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -154,14 +154,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22, CWE-28 | Pathname Traversal | High
-2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
+1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-28 | Pathname Traversal | High
+2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
 4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
-5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-6 | ... | ... | ... | ...
+5 | ... | ... | ... | ...
 
-There are 18 more TTP items available. Please use our online service to access the data.
+There are 17 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -170,51 +169,55 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/+CSCOE+/logon.html` | High
-2 | File | `/action/wirelessConnect` | High
-3 | File | `/admin/upload/upload` | High
-4 | File | `/attachments` | Medium
-5 | File | `/bsms_ci/index.php/book` | High
-6 | File | `/cgi-bin/DownloadFlash` | High
-7 | File | `/cgi-bin/wlogin.cgi` | High
-8 | File | `/config/getuser` | High
-9 | File | `/debug/pprof` | Medium
-10 | File | `/etc/hosts` | Medium
-11 | File | `/example/editor` | High
-12 | File | `/forum/away.php` | High
-13 | File | `/HNAP1` | Low
-14 | File | `/index` | Low
-15 | File | `/iu-application/controllers/administration/auth.php` | High
-16 | File | `/Kofax/KFS/ThinClient/document/upload/` | High
-17 | File | `/medicines/profile.php` | High
-18 | File | `/obs/book.php` | High
-19 | File | `/ossn/administrator/com_installer` | High
-20 | File | `/pms/update_user.php?user_id=1` | High
-21 | File | `/sre/params.php` | High
-22 | File | `/tensorflow/core/grappler/optimizers/arithmetic_optimizer.cc` | High
-23 | File | `/tmp` | Low
-24 | File | `/tmp/xbindkeysrc-tmp` | High
-25 | File | `/user/upload/upload` | High
-26 | File | `/Users` | Low
-27 | File | `/var/spool/hylafax` | High
-28 | File | `/vendor` | Low
-29 | File | `access_rules/rules_form` | High
-30 | File | `accountrecoveryendpoint/recoverpassword.do` | High
-31 | File | `action/addproject.php` | High
-32 | File | `adclick.php` | Medium
-33 | File | `add_contestant.php` | High
-34 | File | `admin.php` | Medium
-35 | File | `admin/ajax.attachment.php` | High
-36 | File | `admin/index.php` | High
-37 | File | `admin/make_payments.php` | High
-38 | File | `admin/sysCheckFile_deal.php` | High
-39 | File | `Advanced_ASUSDDNS_Content.asp` | High
-40 | File | `af_netlink.c` | Medium
-41 | File | `album_portal.php` | High
-42 | File | `and/or` | Low
-43 | File | `AppRestrictionsFragment.java` | High
-44 | ... | ... | ...
+2 | File | `/admin.php/accessory/filesdel.html` | High
+3 | File | `/admin/?page=user/manage` | High
+4 | File | `/admin/add-new.php` | High
+5 | File | `/admin/doctors.php` | High
+6 | File | `/admin/upload/upload` | High
+7 | File | `/alphaware/summary.php` | High
+8 | File | `/boat/login.php` | High
+9 | File | `/bsms_ci/index.php/book` | High
+10 | File | `/cgi-bin/wlogin.cgi` | High
+11 | File | `/config/getuser` | High
+12 | File | `/debug/pprof` | Medium
+13 | File | `/ecshop/admin/template.php` | High
+14 | File | `/forum/away.php` | High
+15 | File | `/forum/PostPrivateMessage` | High
+16 | File | `/home/www/cgi-bin/login.cgi` | High
+17 | File | `/Kofax/KFS/ThinClient/document/upload/` | High
+18 | File | `/medicines/profile.php` | High
+19 | File | `/net-banking/customer_transactions.php` | High
+20 | File | `/obs/book.php` | High
+21 | File | `/ossn/administrator/com_installer` | High
+22 | File | `/pms/update_user.php?user_id=1` | High
+23 | File | `/reservation/add_message.php` | High
+24 | File | `/spip.php` | Medium
+25 | File | `/sre/params.php` | High
+26 | File | `/tmp` | Low
+27 | File | `/user/upload/upload` | High
+28 | File | `/Users` | Low
+29 | File | `/var/spool/hylafax` | High
+30 | File | `/vendor` | Low
+31 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
+32 | File | `/video-sharing-script/watch-video.php` | High
+33 | File | `accountrecoveryendpoint/recoverpassword.do` | High
+34 | File | `AcquisiAction.class.php` | High
+35 | File | `action/addproject.php` | High
+36 | File | `adclick.php` | Medium
+37 | File | `add_contestant.php` | High
+38 | File | `admin.php` | Medium
+39 | File | `admin/add_payment.php` | High
+40 | File | `admin/conf_users_edit.php` | High
+41 | File | `admin/disapprove_user.php` | High
+42 | File | `admin/fecalysis_form.php` | High
+43 | File | `admin/forget_password.php` | High
+44 | File | `admin/index.php` | High
+45 | File | `admin/make_payments.php` | High
+46 | File | `admin/posts.php?source=add_post` | High
+47 | File | `admin/sysCheckFile_deal.php` | High
+48 | ... | ... | ...
 
-There are 380 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 417 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/CopyKittens/README.md

@@ -19,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [PL](https://vuldb.com/?country.pl)
 * ...
 
-There are 9 more country items available. Please use our online service to access the data.
+There are 10 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -111,7 +111,7 @@ ID | Type | Indicator | Confidence
 40 | File | `/release-x64/otfccdump+0x6e412a` | High
 41 | ... | ... | ...
 
-There are 357 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 358 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Costa Rica Unknown/README.md

@@ -21,69 +21,91 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
 
 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
-1 | [5.62.56.68](https://vuldb.com/?ip.5.62.56.68) | r-68-56-62-5.consumer-pool.prcdn.net | - | High
-2 | [5.62.58.64](https://vuldb.com/?ip.5.62.58.64) | r-64-58-62-5.consumer-pool.prcdn.net | - | High
-3 | [8.243.240.0](https://vuldb.com/?ip.8.243.240.0) | - | - | High
-4 | [23.229.109.0](https://vuldb.com/?ip.23.229.109.0) | - | - | High
-5 | [34.99.96.0](https://vuldb.com/?ip.34.99.96.0) | 0.96.99.34.bc.googleusercontent.com | - | Medium
-6 | [34.99.116.0](https://vuldb.com/?ip.34.99.116.0) | 0.116.99.34.bc.googleusercontent.com | - | Medium
-7 | [37.35.105.204](https://vuldb.com/?ip.37.35.105.204) | global8.peakmont-dynamics.com | - | High
-8 | [38.87.253.0](https://vuldb.com/?ip.38.87.253.0) | - | - | High
-9 | [45.5.60.0](https://vuldb.com/?ip.45.5.60.0) | - | - | High
-10 | [45.7.140.0](https://vuldb.com/?ip.45.7.140.0) | - | - | High
-11 | [45.12.70.50](https://vuldb.com/?ip.45.12.70.50) | inflect.get-eye.com | - | High
-12 | [45.12.71.50](https://vuldb.com/?ip.45.12.71.50) | - | - | High
-13 | [45.130.72.0](https://vuldb.com/?ip.45.130.72.0) | - | - | High
-14 | [45.160.132.0](https://vuldb.com/?ip.45.160.132.0) | - | - | High
-15 | [45.162.204.0](https://vuldb.com/?ip.45.162.204.0) | - | - | High
-16 | [45.163.136.0](https://vuldb.com/?ip.45.163.136.0) | - | - | High
-17 | [45.167.17.0](https://vuldb.com/?ip.45.167.17.0) | - | - | High
-18 | [45.167.196.0](https://vuldb.com/?ip.45.167.196.0) | - | - | High
-19 | [45.168.196.0](https://vuldb.com/?ip.45.168.196.0) | - | - | High
-20 | [45.182.43.0](https://vuldb.com/?ip.45.182.43.0) | - | - | High
-21 | [45.185.43.0](https://vuldb.com/?ip.45.185.43.0) | - | - | High
-22 | [45.188.128.0](https://vuldb.com/?ip.45.188.128.0) | - | - | High
-23 | [45.224.202.0](https://vuldb.com/?ip.45.224.202.0) | - | - | High
-24 | [45.226.64.0](https://vuldb.com/?ip.45.226.64.0) | - | - | High
-25 | [45.227.200.0](https://vuldb.com/?ip.45.227.200.0) | - | - | High
-26 | [45.229.151.0](https://vuldb.com/?ip.45.229.151.0) | - | - | High
-27 | [45.229.246.0](https://vuldb.com/?ip.45.229.246.0) | - | - | High
-28 | [45.229.252.0](https://vuldb.com/?ip.45.229.252.0) | - | - | High
-29 | [45.231.52.0](https://vuldb.com/?ip.45.231.52.0) | - | - | High
-30 | [45.232.116.0](https://vuldb.com/?ip.45.232.116.0) | - | - | High
-31 | [45.239.64.0](https://vuldb.com/?ip.45.239.64.0) | - | - | High
-32 | [46.166.172.16](https://vuldb.com/?ip.46.166.172.16) | - | - | High
-33 | [57.75.224.0](https://vuldb.com/?ip.57.75.224.0) | - | - | High
-34 | [64.47.3.226](https://vuldb.com/?ip.64.47.3.226) | - | - | High
-35 | [64.86.216.0](https://vuldb.com/?ip.64.86.216.0) | - | - | High
-36 | [64.212.113.64](https://vuldb.com/?ip.64.212.113.64) | - | - | High
-37 | [65.182.11.0](https://vuldb.com/?ip.65.182.11.0) | - | - | High
-38 | [65.182.12.0](https://vuldb.com/?ip.65.182.12.0) | - | - | High
-39 | [65.182.16.0](https://vuldb.com/?ip.65.182.16.0) | - | - | High
-40 | [65.182.24.0](https://vuldb.com/?ip.65.182.24.0) | - | - | High
-41 | [65.182.28.0](https://vuldb.com/?ip.65.182.28.0) | - | - | High
-42 | [65.182.30.0](https://vuldb.com/?ip.65.182.30.0) | - | - | High
-43 | [67.73.254.0](https://vuldb.com/?ip.67.73.254.0) | - | - | High
-44 | [81.92.26.232](https://vuldb.com/?ip.81.92.26.232) | - | - | High
-45 | [82.195.173.246](https://vuldb.com/?ip.82.195.173.246) | - | - | High
-46 | [91.188.200.0](https://vuldb.com/?ip.91.188.200.0) | - | - | High
-47 | [94.124.96.0](https://vuldb.com/?ip.94.124.96.0) | - | - | High
-48 | [104.207.89.0](https://vuldb.com/?ip.104.207.89.0) | - | - | High
-49 | [128.90.107.0](https://vuldb.com/?ip.128.90.107.0) | undefined.hostname.localhost | - | High
-50 | [128.90.114.0](https://vuldb.com/?ip.128.90.114.0) | undefined.hostname.localhost | - | High
-51 | [128.201.144.0](https://vuldb.com/?ip.128.201.144.0) | - | - | High
-52 | [131.0.72.0](https://vuldb.com/?ip.131.0.72.0) | - | - | High
-53 | [131.108.36.0](https://vuldb.com/?ip.131.108.36.0) | - | - | High
-54 | [131.196.32.0](https://vuldb.com/?ip.131.196.32.0) | - | - | High
-55 | [138.59.16.0](https://vuldb.com/?ip.138.59.16.0) | - | - | High
-56 | [138.59.132.0](https://vuldb.com/?ip.138.59.132.0) | - | - | High
-57 | [138.94.56.0](https://vuldb.com/?ip.138.94.56.0) | - | - | High
-58 | [138.118.80.0](https://vuldb.com/?ip.138.118.80.0) | - | - | High
-59 | [138.118.156.0](https://vuldb.com/?ip.138.118.156.0) | - | - | High
-60 | [138.121.140.0](https://vuldb.com/?ip.138.121.140.0) | - | - | High
-61 | ... | ... | ... | ...
+1 | [2.59.172.0](https://vuldb.com/?ip.2.59.172.0) | - | - | High
+2 | [5.62.56.68](https://vuldb.com/?ip.5.62.56.68) | r-68-56-62-5.consumer-pool.prcdn.net | - | High
+3 | [5.62.58.64](https://vuldb.com/?ip.5.62.58.64) | r-64-58-62-5.consumer-pool.prcdn.net | - | High
+4 | [8.242.196.0](https://vuldb.com/?ip.8.242.196.0) | - | - | High
+5 | [8.243.240.0](https://vuldb.com/?ip.8.243.240.0) | - | - | High
+6 | [23.15.244.0](https://vuldb.com/?ip.23.15.244.0) | a23-15-244-0.deploy.static.akamaitechnologies.com | - | High
+7 | [23.79.232.0](https://vuldb.com/?ip.23.79.232.0) | a23-79-232-0.deploy.static.akamaitechnologies.com | - | High
+8 | [23.229.109.0](https://vuldb.com/?ip.23.229.109.0) | - | - | High
+9 | [34.99.96.0](https://vuldb.com/?ip.34.99.96.0) | 0.96.99.34.bc.googleusercontent.com | - | Medium
+10 | [34.99.116.0](https://vuldb.com/?ip.34.99.116.0) | 0.116.99.34.bc.googleusercontent.com | - | Medium
+11 | [34.99.126.0](https://vuldb.com/?ip.34.99.126.0) | 0.126.99.34.bc.googleusercontent.com | - | Medium
+12 | [37.35.105.204](https://vuldb.com/?ip.37.35.105.204) | global8.peakmont-dynamics.com | - | High
+13 | [38.87.253.0](https://vuldb.com/?ip.38.87.253.0) | - | - | High
+14 | [45.5.60.0](https://vuldb.com/?ip.45.5.60.0) | - | - | High
+15 | [45.7.140.0](https://vuldb.com/?ip.45.7.140.0) | - | - | High
+16 | [45.12.70.50](https://vuldb.com/?ip.45.12.70.50) | inflect.get-eye.com | - | High
+17 | [45.12.71.50](https://vuldb.com/?ip.45.12.71.50) | - | - | High
+18 | [45.65.188.0](https://vuldb.com/?ip.45.65.188.0) | - | - | High
+19 | [45.77.194.0](https://vuldb.com/?ip.45.77.194.0) | - | - | High
+20 | [45.85.85.0](https://vuldb.com/?ip.45.85.85.0) | - | - | High
+21 | [45.85.86.0](https://vuldb.com/?ip.45.85.86.0) | - | - | High
+22 | [45.130.72.0](https://vuldb.com/?ip.45.130.72.0) | - | - | High
+23 | [45.160.132.0](https://vuldb.com/?ip.45.160.132.0) | - | - | High
+24 | [45.162.204.0](https://vuldb.com/?ip.45.162.204.0) | - | - | High
+25 | [45.163.136.0](https://vuldb.com/?ip.45.163.136.0) | - | - | High
+26 | [45.167.17.0](https://vuldb.com/?ip.45.167.17.0) | - | - | High
+27 | [45.167.196.0](https://vuldb.com/?ip.45.167.196.0) | - | - | High
+28 | [45.168.196.0](https://vuldb.com/?ip.45.168.196.0) | - | - | High
+29 | [45.182.43.0](https://vuldb.com/?ip.45.182.43.0) | - | - | High
+30 | [45.185.43.0](https://vuldb.com/?ip.45.185.43.0) | - | - | High
+31 | [45.185.129.0](https://vuldb.com/?ip.45.185.129.0) | - | - | High
+32 | [45.188.128.0](https://vuldb.com/?ip.45.188.128.0) | - | - | High
+33 | [45.188.216.0](https://vuldb.com/?ip.45.188.216.0) | - | - | High
+34 | [45.224.202.0](https://vuldb.com/?ip.45.224.202.0) | - | - | High
+35 | [45.226.64.0](https://vuldb.com/?ip.45.226.64.0) | - | - | High
+36 | [45.227.200.0](https://vuldb.com/?ip.45.227.200.0) | - | - | High
+37 | [45.229.151.0](https://vuldb.com/?ip.45.229.151.0) | - | - | High
+38 | [45.229.246.0](https://vuldb.com/?ip.45.229.246.0) | - | - | High
+39 | [45.229.252.0](https://vuldb.com/?ip.45.229.252.0) | - | - | High
+40 | [45.231.52.0](https://vuldb.com/?ip.45.231.52.0) | - | - | High
+41 | [45.232.116.0](https://vuldb.com/?ip.45.232.116.0) | - | - | High
+42 | [45.239.64.0](https://vuldb.com/?ip.45.239.64.0) | - | - | High
+43 | [46.166.172.16](https://vuldb.com/?ip.46.166.172.16) | - | - | High
+44 | [57.74.80.0](https://vuldb.com/?ip.57.74.80.0) | - | - | High
+45 | [57.75.224.0](https://vuldb.com/?ip.57.75.224.0) | - | - | High
+46 | [63.141.205.0](https://vuldb.com/?ip.63.141.205.0) | - | - | High
+47 | [64.47.3.226](https://vuldb.com/?ip.64.47.3.226) | - | - | High
+48 | [64.86.216.0](https://vuldb.com/?ip.64.86.216.0) | - | - | High
+49 | [64.212.113.64](https://vuldb.com/?ip.64.212.113.64) | - | - | High
+50 | [65.182.11.0](https://vuldb.com/?ip.65.182.11.0) | - | - | High
+51 | [65.182.12.0](https://vuldb.com/?ip.65.182.12.0) | - | - | High
+52 | [65.182.16.0](https://vuldb.com/?ip.65.182.16.0) | - | - | High
+53 | [65.182.24.0](https://vuldb.com/?ip.65.182.24.0) | - | - | High
+54 | [65.182.28.0](https://vuldb.com/?ip.65.182.28.0) | - | - | High
+55 | [65.182.30.0](https://vuldb.com/?ip.65.182.30.0) | - | - | High
+56 | [67.73.254.0](https://vuldb.com/?ip.67.73.254.0) | - | - | High
+57 | [69.25.4.0](https://vuldb.com/?ip.69.25.4.0) | - | - | High
+58 | [70.35.148.0](https://vuldb.com/?ip.70.35.148.0) | - | - | High
+59 | [77.243.92.0](https://vuldb.com/?ip.77.243.92.0) | - | - | High
+60 | [77.243.94.0](https://vuldb.com/?ip.77.243.94.0) | - | - | High
+61 | [81.92.26.232](https://vuldb.com/?ip.81.92.26.232) | - | - | High
+62 | [82.195.173.246](https://vuldb.com/?ip.82.195.173.246) | - | - | High
+63 | [91.188.200.0](https://vuldb.com/?ip.91.188.200.0) | - | - | High
+64 | [94.124.96.0](https://vuldb.com/?ip.94.124.96.0) | - | - | High
+65 | [102.38.232.0](https://vuldb.com/?ip.102.38.232.0) | - | - | High
+66 | [103.225.130.0](https://vuldb.com/?ip.103.225.130.0) | - | - | High
+67 | [104.97.180.0](https://vuldb.com/?ip.104.97.180.0) | a104-97-180-0.deploy.static.akamaitechnologies.com | - | High
+68 | [104.207.89.0](https://vuldb.com/?ip.104.207.89.0) | - | - | High
+69 | [128.90.107.0](https://vuldb.com/?ip.128.90.107.0) | undefined.hostname.localhost | - | High
+70 | [128.90.114.0](https://vuldb.com/?ip.128.90.114.0) | undefined.hostname.localhost | - | High
+71 | [128.201.144.0](https://vuldb.com/?ip.128.201.144.0) | - | - | High
+72 | [129.134.130.0](https://vuldb.com/?ip.129.134.130.0) | - | - | High
+73 | [131.0.72.0](https://vuldb.com/?ip.131.0.72.0) | - | - | High
+74 | [131.108.36.0](https://vuldb.com/?ip.131.108.36.0) | - | - | High
+75 | [131.196.32.0](https://vuldb.com/?ip.131.196.32.0) | - | - | High
+76 | [134.238.177.0](https://vuldb.com/?ip.134.238.177.0) | - | - | High
+77 | [134.238.178.0](https://vuldb.com/?ip.134.238.178.0) | - | - | High
+78 | [134.238.207.0](https://vuldb.com/?ip.134.238.207.0) | - | - | High
+79 | [138.59.16.0](https://vuldb.com/?ip.138.59.16.0) | - | - | High
+80 | [138.59.132.0](https://vuldb.com/?ip.138.59.132.0) | - | - | High
+81 | [138.94.56.0](https://vuldb.com/?ip.138.94.56.0) | - | - | High
+82 | [138.118.80.0](https://vuldb.com/?ip.138.118.80.0) | - | - | High
+83 | ... | ... | ... | ...
 
-There are 241 more IOC items available. Please use our online service to access the data.
+There are 326 more IOC items available. Please use our online service to access the data.
 
 ## TTP - Tactics, Techniques, Procedures
 
@@ -91,7 +113,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
+1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
 2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
 4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
@@ -107,74 +129,77 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `.github/workflows/combine-prs.yml` | High
-2 | File | `.htaccess` | Medium
-3 | File | `/Admin/add-student.php` | High
-4 | File | `/admin/api/admin/articles/` | High
-5 | File | `/admin/conferences/list/` | High
-6 | File | `/admin/edit_admin_details.php?id=admin` | High
-7 | File | `/admin/generalsettings.php` | High
-8 | File | `/Admin/login.php` | High
-9 | File | `/admin/payment.php` | High
-10 | File | `/admin/reports.php` | High
-11 | File | `/admin/showbad.php` | High
-12 | File | `/admin_page/all-files-update-ajax.php` | High
-13 | File | `/apilog.php` | Medium
-14 | File | `/cgi-bin/kerbynet` | High
-15 | File | `/cgi-bin/wlogin.cgi` | High
-16 | File | `/connectors/index.php` | High
-17 | File | `/dev/block/mmcblk0rpmb` | High
-18 | File | `/dms/admin/reports/daily_collection_report.php` | High
-19 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
-20 | File | `/face-recognition-php/facepay-master/camera.php` | High
-21 | File | `/forum/away.php` | High
-22 | File | `/fos/admin/ajax.php?action=login` | High
-23 | File | `/fos/admin/index.php?page=menu` | High
-24 | File | `/hrm/employeeadd.php` | High
-25 | File | `/hrm/employeeview.php` | High
-26 | File | `/index.php` | Medium
-27 | File | `/Items/*/RemoteImages/Download` | High
-28 | File | `/items/view_item.php` | High
-29 | File | `/jsoa/hntdCustomDesktopActionContent` | High
-30 | File | `/lists/admin/` | High
-31 | File | `/lookin/info` | Medium
-32 | File | `/MagickCore/image.c` | High
-33 | File | `/manager/index.php` | High
-34 | File | `/medical/inventories.php` | High
-35 | File | `/modules/profile/index.php` | High
-36 | File | `/modules/projects/vw_files.php` | High
-37 | File | `/modules/public/calendar.php` | High
-38 | File | `/newsDia.php` | Medium
-39 | File | `/out.php` | Medium
-40 | File | `/proxy` | Low
-41 | File | `/public/launchNewWindow.jsp` | High
-42 | File | `/Redcock-Farm/farm/category.php` | High
-43 | File | `/reports/rwservlet` | High
-44 | File | `/sacco_shield/manage_user.php` | High
-45 | File | `/spip.php` | Medium
-46 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
-47 | File | `/staff/bookdetails.php` | High
-48 | File | `/TeleoptiWFM/Administration/GetOneTenant` | High
-49 | File | `/user/update_booking.php` | High
-50 | File | `/WEB-INF/web.xml` | High
-51 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
-52 | File | `/Wedding-Management/package_detail.php` | High
-53 | File | `/wordpress/wp-admin/options-general.php` | High
-54 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
-55 | File | `01article.php` | High
-56 | File | `AbstractScheduleJob.java` | High
-57 | File | `actionphp/download.File.php` | High
-58 | File | `AdClass.php` | Medium
-59 | File | `adclick.php` | Medium
-60 | File | `addtocart.asp` | High
-61 | ... | ... | ...
+2 | File | `/Admin/add-student.php` | High
+3 | File | `/admin/api/admin/articles/` | High
+4 | File | `/Admin/login.php` | High
+5 | File | `/admin/showbad.php` | High
+6 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
+7 | File | `/adms/admin/?page=vehicles/view_transaction` | High
+8 | File | `/apilog.php` | Medium
+9 | File | `/APR/login.php` | High
+10 | File | `/bin/httpd` | Medium
+11 | File | `/cgi-bin/wapopen` | High
+12 | File | `/cgi-bin/wlogin.cgi` | High
+13 | File | `/connectors/index.php` | High
+14 | File | `/dev/block/mmcblk0rpmb` | High
+15 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
+16 | File | `/face-recognition-php/facepay-master/camera.php` | High
+17 | File | `/forum/away.php` | High
+18 | File | `/fos/admin/ajax.php?action=login` | High
+19 | File | `/fos/admin/index.php?page=menu` | High
+20 | File | `/home/masterConsole` | High
+21 | File | `/home/sendBroadcast` | High
+22 | File | `/hrm/employeeadd.php` | High
+23 | File | `/hrm/employeeview.php` | High
+24 | File | `/index.php` | Medium
+25 | File | `/items/view_item.php` | High
+26 | File | `/jsoa/hntdCustomDesktopActionContent` | High
+27 | File | `/lookin/info` | Medium
+28 | File | `/manager/index.php` | High
+29 | File | `/medical/inventories.php` | High
+30 | File | `/modules/profile/index.php` | High
+31 | File | `/modules/projects/vw_files.php` | High
+32 | File | `/modules/public/calendar.php` | High
+33 | File | `/mygym/admin/index.php?view_exercises` | High
+34 | File | `/newsDia.php` | Medium
+35 | File | `/out.php` | Medium
+36 | File | `/php-opos/index.php` | High
+37 | File | `/proxy` | Low
+38 | File | `/public/launchNewWindow.jsp` | High
+39 | File | `/Redcock-Farm/farm/category.php` | High
+40 | File | `/reports/rwservlet` | High
+41 | File | `/sacco_shield/manage_user.php` | High
+42 | File | `/spip.php` | Medium
+43 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
+44 | File | `/staff/bookdetails.php` | High
+45 | File | `/uncpath/` | Medium
+46 | File | `/user/update_booking.php` | High
+47 | File | `/WEB-INF/web.xml` | High
+48 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
+49 | File | `/wireless/security.asp` | High
+50 | File | `/wordpress/wp-admin/options-general.php` | High
+51 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
+52 | File | `01article.php` | High
+53 | File | `AbstractScheduleJob.java` | High
+54 | File | `actionphp/download.File.php` | High
+55 | File | `activenews_view.asp` | High
+56 | File | `adclick.php` | Medium
+57 | File | `addtocart.asp` | High
+58 | File | `admin.php` | Medium
+59 | File | `admin/abc.php` | High
+60 | File | `admin/admin.php?action=users&mode=info&user=2` | High
+61 | File | `admin/admin/adminsave.html` | High
+62 | File | `admin/conf_users_edit.php` | High
+63 | ... | ... | ...
 
-There are 530 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 553 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 
 The following list contains _external sources_ which discuss the actor and the associated activities:
 
 * https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_cr.netset
+* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_cr.netset
 
 ## Literature
 

actors/CrimsonRAT/README.md

@@ -0,0 +1,63 @@
+# CrimsonRAT - Cyber Threat Intelligence
+
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [CrimsonRAT](https://vuldb.com/?actor.crimsonrat). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
+
+_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.crimsonrat](https://vuldb.com/?actor.crimsonrat)
+
+## Countries
+
+These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with CrimsonRAT:
+
+* [US](https://vuldb.com/?country.us)
+
+## IOC - Indicator of Compromise
+
+These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of CrimsonRAT.
+
+ID | IP address | Hostname | Campaign | Confidence
+-- | ---------- | -------- | -------- | ----------
+1 | [192.3.99.68](https://vuldb.com/?ip.192.3.99.68) | 192-3-99-68-host.colocrossing.com | - | High
+2 | [198.37.123.126](https://vuldb.com/?ip.198.37.123.126) | server902.vebhost.com | - | High
+
+## TTP - Tactics, Techniques, Procedures
+
+_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _CrimsonRAT_. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Technique | Weakness | Description | Confidence
+-- | --------- | -------- | ----------- | ----------
+1 | T1059 | CWE-94 | Cross Site Scripting | High
+2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+3 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
+4 | ... | ... | ... | ...
+
+There are 4 more TTP items available. Please use our online service to access the data.
+
+## IOA - Indicator of Attack
+
+These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by CrimsonRAT. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Type | Indicator | Confidence
+-- | ---- | --------- | ----------
+1 | File | `/forgetpassword.php` | High
+2 | File | `add_comment.php` | High
+3 | File | `ardguest.php` | Medium
+4 | ... | ... | ...
+
+There are 19 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+
+## References
+
+The following list contains _external sources_ which discuss the actor and the associated activities:
+
+* https://github.com/Cisco-Talos/IOCs/blob/main/2022/07/transparent-tribe-targets-education.txt
+
+## Literature
+
+The following _articles_ explain our unique predictive cyber threat intelligence:
+
+* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
+* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
+
+## License
+
+(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

actors/Croatia Unknown/README.md

@@ -22,80 +22,102 @@ ID | IP address | Hostname | Campaign | Confidence
 3 | [2.58.48.0](https://vuldb.com/?ip.2.58.48.0) | start.softnet.si | - | High
 4 | [5.39.128.0](https://vuldb.com/?ip.5.39.128.0) | - | - | High
 5 | [5.43.160.0](https://vuldb.com/?ip.5.43.160.0) | 5-43-160-0.dsl.optinet.hr | - | High
-6 | [5.62.61.228](https://vuldb.com/?ip.5.62.61.228) | r-228-61-62-5.consumer-pool.prcdn.net | - | High
-7 | [5.62.63.224](https://vuldb.com/?ip.5.62.63.224) | r-224-63-62-5.consumer-pool.prcdn.net | - | High
-8 | [5.175.186.200](https://vuldb.com/?ip.5.175.186.200) | - | - | High
-9 | [5.180.216.0](https://vuldb.com/?ip.5.180.216.0) | - | - | High
-10 | [5.188.10.0](https://vuldb.com/?ip.5.188.10.0) | - | - | High
-11 | [5.231.9.0](https://vuldb.com/?ip.5.231.9.0) | - | - | High
-12 | [5.231.77.0](https://vuldb.com/?ip.5.231.77.0) | - | - | High
-13 | [8.39.6.0](https://vuldb.com/?ip.8.39.6.0) | - | - | High
-14 | [31.45.128.0](https://vuldb.com/?ip.31.45.128.0) | srv-31-45-128-0.static.a1.hr | - | High
-15 | [31.147.0.0](https://vuldb.com/?ip.31.147.0.0) | vipnet0.mobile.carnet.hr | - | High
-16 | [31.216.192.0](https://vuldb.com/?ip.31.216.192.0) | - | - | High
-17 | [31.217.0.0](https://vuldb.com/?ip.31.217.0.0) | - | - | High
-18 | [34.99.142.0](https://vuldb.com/?ip.34.99.142.0) | 0.142.99.34.bc.googleusercontent.com | - | Medium
-19 | [34.99.214.0](https://vuldb.com/?ip.34.99.214.0) | 0.214.99.34.bc.googleusercontent.com | - | Medium
-20 | [34.103.158.0](https://vuldb.com/?ip.34.103.158.0) | 0.158.103.34.bc.googleusercontent.com | - | Medium
-21 | [36.255.92.0](https://vuldb.com/?ip.36.255.92.0) | 36-255-92-0.cheapserviceswiki.com | - | High
-22 | [37.0.128.0](https://vuldb.com/?ip.37.0.128.0) | m37-0-128-0.cust.tele2.hr | - | High
-23 | [37.0.192.0](https://vuldb.com/?ip.37.0.192.0) | m37-0-192-0.cust.tele2.hr | - | High
-24 | [37.48.232.0](https://vuldb.com/?ip.37.48.232.0) | - | - | High
-25 | [37.60.128.0](https://vuldb.com/?ip.37.60.128.0) | - | - | High
-26 | [37.205.96.0](https://vuldb.com/?ip.37.205.96.0) | - | - | High
-27 | [37.244.128.0](https://vuldb.com/?ip.37.244.128.0) | srv-37-244-128-0.static.a1.hr | - | High
-28 | [43.113.227.0](https://vuldb.com/?ip.43.113.227.0) | - | - | High
-29 | [44.170.0.0](https://vuldb.com/?ip.44.170.0.0) | - | - | High
-30 | [45.12.70.99](https://vuldb.com/?ip.45.12.70.99) | inflects.yourbandinc.com | - | High
-31 | [45.12.71.99](https://vuldb.com/?ip.45.12.71.99) | - | - | High
-32 | [45.85.120.0](https://vuldb.com/?ip.45.85.120.0) | - | - | High
-33 | [45.87.24.0](https://vuldb.com/?ip.45.87.24.0) | - | - | High
-34 | [45.95.168.0](https://vuldb.com/?ip.45.95.168.0) | maxko-hosting.com | - | High
-35 | [45.136.188.0](https://vuldb.com/?ip.45.136.188.0) | - | - | High
-36 | [46.31.136.0](https://vuldb.com/?ip.46.31.136.0) | - | - | High
-37 | [46.163.0.0](https://vuldb.com/?ip.46.163.0.0) | - | - | High
-38 | [46.163.51.0](https://vuldb.com/?ip.46.163.51.0) | - | - | High
-39 | [46.163.53.0](https://vuldb.com/?ip.46.163.53.0) | - | - | High
-40 | [46.163.58.0](https://vuldb.com/?ip.46.163.58.0) | - | - | High
-41 | [46.174.136.0](https://vuldb.com/?ip.46.174.136.0) | - | - | High
-42 | [46.174.138.0](https://vuldb.com/?ip.46.174.138.0) | - | - | High
-43 | [46.188.128.0](https://vuldb.com/?ip.46.188.128.0) | - | - | High
-44 | [46.229.240.0](https://vuldb.com/?ip.46.229.240.0) | - | - | High
-45 | [46.229.248.0](https://vuldb.com/?ip.46.229.248.0) | - | - | High
-46 | [46.229.252.0](https://vuldb.com/?ip.46.229.252.0) | 46-229-252-0-dsl.novi-net.net | - | High
-47 | [46.234.64.0](https://vuldb.com/?ip.46.234.64.0) | - | - | High
-48 | [57.90.64.0](https://vuldb.com/?ip.57.90.64.0) | - | - | High
-49 | [63.170.203.144](https://vuldb.com/?ip.63.170.203.144) | - | - | High
-50 | [77.216.0.0](https://vuldb.com/?ip.77.216.0.0) | m77-216-0-0.cust.tele2.hr | - | High
-51 | [77.219.32.0](https://vuldb.com/?ip.77.219.32.0) | m77-219-32-0.cust.tele2.hr | - | High
-52 | [77.219.64.0](https://vuldb.com/?ip.77.219.64.0) | m77-219-64-0.cust.tele2.hr | - | High
-53 | [77.219.128.0](https://vuldb.com/?ip.77.219.128.0) | m77-219-128-0.cust.tele2.hr | - | High
-54 | [77.237.96.0](https://vuldb.com/?ip.77.237.96.0) | srv-77-237-96-0.static.a1.hr | - | High
-55 | [78.0.0.0](https://vuldb.com/?ip.78.0.0.0) | 78-0-0-0.adsl.net.t-com.hr | - | High
-56 | [78.134.128.0](https://vuldb.com/?ip.78.134.128.0) | 78.134.128.0-dsl.net.metronet.hr | - | High
-57 | [80.80.48.0](https://vuldb.com/?ip.80.80.48.0) | - | - | High
-58 | [80.253.162.0](https://vuldb.com/?ip.80.253.162.0) | - | - | High
-59 | [80.253.164.0](https://vuldb.com/?ip.80.253.164.0) | - | - | High
-60 | [80.253.168.0](https://vuldb.com/?ip.80.253.168.0) | - | - | High
-61 | [82.132.0.0](https://vuldb.com/?ip.82.132.0.0) | - | - | High
-62 | [82.193.192.0](https://vuldb.com/?ip.82.193.192.0) | - | - | High
-63 | [82.214.76.0](https://vuldb.com/?ip.82.214.76.0) | c82-214-76-0.loc.akton.net | - | High
-64 | [82.214.78.0](https://vuldb.com/?ip.82.214.78.0) | c82-214-78-0.loc.akton.net | - | High
-65 | [82.214.96.0](https://vuldb.com/?ip.82.214.96.0) | c82-214-96-0.loc.akton.net | - | High
-66 | [83.131.0.0](https://vuldb.com/?ip.83.131.0.0) | - | - | High
-67 | [83.139.64.0](https://vuldb.com/?ip.83.139.64.0) | - | - | High
-68 | [83.176.32.0](https://vuldb.com/?ip.83.176.32.0) | m83-176-32-0.cust.tele2.hr | - | High
-69 | [83.176.64.0](https://vuldb.com/?ip.83.176.64.0) | m83-176-64-0.cust.tele2.hr | - | High
-70 | [83.176.128.0](https://vuldb.com/?ip.83.176.128.0) | m83-176-128-0.cust.tele2.hr | - | High
-71 | [83.177.0.0](https://vuldb.com/?ip.83.177.0.0) | m83-177-0-0.cust.tele2.hr | - | High
-72 | [83.178.0.0](https://vuldb.com/?ip.83.178.0.0) | - | - | High
-73 | [83.178.104.0](https://vuldb.com/?ip.83.178.104.0) | m83-178-104-0.cust.tele2.hr | - | High
-74 | [83.178.112.0](https://vuldb.com/?ip.83.178.112.0) | m83-178-112-0.cust.tele2.hr | - | High
-75 | [83.178.234.0](https://vuldb.com/?ip.83.178.234.0) | m83-178-234-0.cust.tele2.hr | - | High
-76 | [83.178.236.0](https://vuldb.com/?ip.83.178.236.0) | m83-178-236-0.cust.tele2.hr | - | High
-77 | ... | ... | ... | ...
+6 | [5.59.36.0](https://vuldb.com/?ip.5.59.36.0) | - | - | High
+7 | [5.62.61.228](https://vuldb.com/?ip.5.62.61.228) | r-228-61-62-5.consumer-pool.prcdn.net | - | High
+8 | [5.62.63.224](https://vuldb.com/?ip.5.62.63.224) | r-224-63-62-5.consumer-pool.prcdn.net | - | High
+9 | [5.175.186.200](https://vuldb.com/?ip.5.175.186.200) | - | - | High
+10 | [5.180.216.0](https://vuldb.com/?ip.5.180.216.0) | - | - | High
+11 | [5.188.10.0](https://vuldb.com/?ip.5.188.10.0) | - | - | High
+12 | [5.231.9.0](https://vuldb.com/?ip.5.231.9.0) | - | - | High
+13 | [5.231.77.0](https://vuldb.com/?ip.5.231.77.0) | - | - | High
+14 | [8.39.6.0](https://vuldb.com/?ip.8.39.6.0) | - | - | High
+15 | [31.45.128.0](https://vuldb.com/?ip.31.45.128.0) | srv-31-45-128-0.static.a1.hr | - | High
+16 | [31.147.0.0](https://vuldb.com/?ip.31.147.0.0) | vipnet0.mobile.carnet.hr | - | High
+17 | [31.216.192.0](https://vuldb.com/?ip.31.216.192.0) | - | - | High
+18 | [31.217.0.0](https://vuldb.com/?ip.31.217.0.0) | - | - | High
+19 | [32.106.111.0](https://vuldb.com/?ip.32.106.111.0) | - | - | High
+20 | [32.106.112.0](https://vuldb.com/?ip.32.106.112.0) | - | - | High
+21 | [34.99.142.0](https://vuldb.com/?ip.34.99.142.0) | 0.142.99.34.bc.googleusercontent.com | - | Medium
+22 | [34.99.214.0](https://vuldb.com/?ip.34.99.214.0) | 0.214.99.34.bc.googleusercontent.com | - | Medium
+23 | [34.103.158.0](https://vuldb.com/?ip.34.103.158.0) | 0.158.103.34.bc.googleusercontent.com | - | Medium
+24 | [34.103.224.0](https://vuldb.com/?ip.34.103.224.0) | 0.224.103.34.bc.googleusercontent.com | - | Medium
+25 | [36.255.92.0](https://vuldb.com/?ip.36.255.92.0) | 36-255-92-0.cheapserviceswiki.com | - | High
+26 | [37.0.128.0](https://vuldb.com/?ip.37.0.128.0) | m37-0-128-0.cust.tele2.hr | - | High
+27 | [37.0.192.0](https://vuldb.com/?ip.37.0.192.0) | m37-0-192-0.cust.tele2.hr | - | High
+28 | [37.48.232.0](https://vuldb.com/?ip.37.48.232.0) | - | - | High
+29 | [37.58.20.0](https://vuldb.com/?ip.37.58.20.0) | - | - | High
+30 | [37.60.128.0](https://vuldb.com/?ip.37.60.128.0) | - | - | High
+31 | [37.205.96.0](https://vuldb.com/?ip.37.205.96.0) | - | - | High
+32 | [37.244.128.0](https://vuldb.com/?ip.37.244.128.0) | srv-37-244-128-0.static.a1.hr | - | High
+33 | [43.113.227.0](https://vuldb.com/?ip.43.113.227.0) | - | - | High
+34 | [44.170.0.0](https://vuldb.com/?ip.44.170.0.0) | - | - | High
+35 | [45.12.70.99](https://vuldb.com/?ip.45.12.70.99) | inflects.yourbandinc.com | - | High
+36 | [45.12.71.99](https://vuldb.com/?ip.45.12.71.99) | - | - | High
+37 | [45.85.120.0](https://vuldb.com/?ip.45.85.120.0) | - | - | High
+38 | [45.87.24.0](https://vuldb.com/?ip.45.87.24.0) | - | - | High
+39 | [45.95.168.0](https://vuldb.com/?ip.45.95.168.0) | maxko-hosting.com | - | High
+40 | [45.136.188.0](https://vuldb.com/?ip.45.136.188.0) | - | - | High
+41 | [45.137.248.0](https://vuldb.com/?ip.45.137.248.0) | 0.248.137.45.in-addr.arpa.broadband.mtnet.hr | - | High
+42 | [45.142.8.0](https://vuldb.com/?ip.45.142.8.0) | - | - | High
+43 | [45.143.216.0](https://vuldb.com/?ip.45.143.216.0) | 45-143-216-0.broadband.mtnet.hr | - | High
+44 | [45.157.4.0](https://vuldb.com/?ip.45.157.4.0) | - | - | High
+45 | [46.31.136.0](https://vuldb.com/?ip.46.31.136.0) | - | - | High
+46 | [46.163.0.0](https://vuldb.com/?ip.46.163.0.0) | - | - | High
+47 | [46.163.51.0](https://vuldb.com/?ip.46.163.51.0) | - | - | High
+48 | [46.163.53.0](https://vuldb.com/?ip.46.163.53.0) | - | - | High
+49 | [46.163.58.0](https://vuldb.com/?ip.46.163.58.0) | - | - | High
+50 | [46.174.136.0](https://vuldb.com/?ip.46.174.136.0) | - | - | High
+51 | [46.174.138.0](https://vuldb.com/?ip.46.174.138.0) | - | - | High
+52 | [46.183.184.0](https://vuldb.com/?ip.46.183.184.0) | - | - | High
+53 | [46.188.128.0](https://vuldb.com/?ip.46.188.128.0) | - | - | High
+54 | [46.229.240.0](https://vuldb.com/?ip.46.229.240.0) | - | - | High
+55 | [46.229.248.0](https://vuldb.com/?ip.46.229.248.0) | - | - | High
+56 | [46.229.252.0](https://vuldb.com/?ip.46.229.252.0) | 46-229-252-0-dsl.novi-net.net | - | High
+57 | [46.234.64.0](https://vuldb.com/?ip.46.234.64.0) | - | - | High
+58 | [57.90.64.0](https://vuldb.com/?ip.57.90.64.0) | - | - | High
+59 | [57.90.68.0](https://vuldb.com/?ip.57.90.68.0) | - | - | High
+60 | [63.170.203.144](https://vuldb.com/?ip.63.170.203.144) | - | - | High
+61 | [66.159.222.0](https://vuldb.com/?ip.66.159.222.0) | - | - | High
+62 | [77.216.0.0](https://vuldb.com/?ip.77.216.0.0) | m77-216-0-0.cust.tele2.hr | - | High
+63 | [77.218.9.0](https://vuldb.com/?ip.77.218.9.0) | - | - | High
+64 | [77.218.10.0](https://vuldb.com/?ip.77.218.10.0) | - | - | High
+65 | [77.219.32.0](https://vuldb.com/?ip.77.219.32.0) | m77-219-32-0.cust.tele2.hr | - | High
+66 | [77.219.64.0](https://vuldb.com/?ip.77.219.64.0) | m77-219-64-0.cust.tele2.hr | - | High
+67 | [77.219.128.0](https://vuldb.com/?ip.77.219.128.0) | m77-219-128-0.cust.tele2.hr | - | High
+68 | [77.237.96.0](https://vuldb.com/?ip.77.237.96.0) | srv-77-237-96-0.static.a1.hr | - | High
+69 | [78.0.0.0](https://vuldb.com/?ip.78.0.0.0) | 78-0-0-0.adsl.net.t-com.hr | - | High
+70 | [78.134.128.0](https://vuldb.com/?ip.78.134.128.0) | 78.134.128.0-dsl.net.metronet.hr | - | High
+71 | [80.80.48.0](https://vuldb.com/?ip.80.80.48.0) | - | - | High
+72 | [80.249.133.0](https://vuldb.com/?ip.80.249.133.0) | - | - | High
+73 | [80.253.160.0](https://vuldb.com/?ip.80.253.160.0) | - | - | High
+74 | [80.253.162.0](https://vuldb.com/?ip.80.253.162.0) | - | - | High
+75 | [80.253.164.0](https://vuldb.com/?ip.80.253.164.0) | - | - | High
+76 | [80.253.168.0](https://vuldb.com/?ip.80.253.168.0) | - | - | High
+77 | [81.17.228.0](https://vuldb.com/?ip.81.17.228.0) | n228-h0.loc-b.akton.net | - | High
+78 | [81.23.248.0](https://vuldb.com/?ip.81.23.248.0) | - | - | High
+79 | [82.132.0.0](https://vuldb.com/?ip.82.132.0.0) | - | - | High
+80 | [82.193.192.0](https://vuldb.com/?ip.82.193.192.0) | - | - | High
+81 | [82.214.76.0](https://vuldb.com/?ip.82.214.76.0) | c82-214-76-0.loc.akton.net | - | High
+82 | [82.214.78.0](https://vuldb.com/?ip.82.214.78.0) | c82-214-78-0.loc.akton.net | - | High
+83 | [82.214.96.0](https://vuldb.com/?ip.82.214.96.0) | c82-214-96-0.loc.akton.net | - | High
+84 | [83.131.0.0](https://vuldb.com/?ip.83.131.0.0) | - | - | High
+85 | [83.139.64.0](https://vuldb.com/?ip.83.139.64.0) | - | - | High
+86 | [83.176.32.0](https://vuldb.com/?ip.83.176.32.0) | m83-176-32-0.cust.tele2.hr | - | High
+87 | [83.176.64.0](https://vuldb.com/?ip.83.176.64.0) | m83-176-64-0.cust.tele2.hr | - | High
+88 | [83.176.128.0](https://vuldb.com/?ip.83.176.128.0) | m83-176-128-0.cust.tele2.hr | - | High
+89 | [83.177.0.0](https://vuldb.com/?ip.83.177.0.0) | m83-177-0-0.cust.tele2.hr | - | High
+90 | [83.178.0.0](https://vuldb.com/?ip.83.178.0.0) | - | - | High
+91 | [83.178.104.0](https://vuldb.com/?ip.83.178.104.0) | m83-178-104-0.cust.tele2.hr | - | High
+92 | [83.178.112.0](https://vuldb.com/?ip.83.178.112.0) | m83-178-112-0.cust.tele2.hr | - | High
+93 | [83.178.234.0](https://vuldb.com/?ip.83.178.234.0) | m83-178-234-0.cust.tele2.hr | - | High
+94 | [83.178.236.0](https://vuldb.com/?ip.83.178.236.0) | m83-178-236-0.cust.tele2.hr | - | High
+95 | [83.178.240.0](https://vuldb.com/?ip.83.178.240.0) | m83-178-240-0.cust.tele2.hr | - | High
+96 | [83.179.192.0](https://vuldb.com/?ip.83.179.192.0) | m83-179-192-0.cust.tele2.hr | - | High
+97 | [83.180.32.0](https://vuldb.com/?ip.83.180.32.0) | m83-180-32-0.cust.tele2.hr | - | High
+98 | [83.180.64.0](https://vuldb.com/?ip.83.180.64.0) | m83-180-64-0.cust.tele2.hr | - | High
+99 | ... | ... | ... | ...
 
-There are 306 more IOC items available. Please use our online service to access the data.
+There are 391 more IOC items available. Please use our online service to access the data.
 
 ## TTP - Tactics, Techniques, Procedures
 
@@ -111,6 +133,7 @@ ID | Technique | Weakness | Description | Confidence
 The following list contains _external sources_ which discuss the actor and the associated activities:
 
 * https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_hr.netset
+* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_hr.netset
 
 ## Literature
 

actors/CryWiper/README.md

@@ -4,6 +4,12 @@ These _indicators_ were reported, collected, and generated during the [VulDB CTI
 
 _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.crywiper](https://vuldb.com/?actor.crywiper)
 
+## Countries
+
+These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with CryWiper:
+
+* [US](https://vuldb.com/?country.us)
+
 ## IOC - Indicator of Compromise
 
 These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of CryWiper.

actors/CryptoPHP/README.md

@@ -54,11 +54,12 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/mics/j_spring_security_check` | High
-2 | File | `examples/openid.php` | High
-3 | File | `FormDisplay.php` | High
-4 | ... | ... | ...
+2 | File | `/user/s.php` | Medium
+3 | File | `add-locker-form.php` | High
+4 | File | `admin/booking_report.php` | High
+5 | ... | ... | ...
 
-There are 12 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 27 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Cuba Ransomware/README.md

@@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Cuba Ransomware:
 
 * [VN](https://vuldb.com/?country.vn)
-* [CH](https://vuldb.com/?country.ch)
 * [US](https://vuldb.com/?country.us)
+* [CH](https://vuldb.com/?country.ch)
 * ...
 
-There are 7 more country items available. Please use our online service to access the data.
+There are 6 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -46,14 +46,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
+1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
 4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 6 | ... | ... | ... | ...
 
-There are 20 more TTP items available. Please use our online service to access the data.
+There are 19 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -63,47 +63,45 @@ ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/.env` | Low
 2 | File | `/admin/ajax.php?action=delete_window` | High
-3 | File | `/admin/api/admin/articles/` | High
-4 | File | `/admin/api/theme-edit/` | High
-5 | File | `/as/authorization.oauth2` | High
-6 | File | `/blogengine/api/posts` | High
-7 | File | `/cgi-bin/luci/api/auth` | High
-8 | File | `/cgi-bin/nobody/VerifyCode.cgi` | High
-9 | File | `/cgi-bin/wlogin.cgi` | High
+3 | File | `/admin/patient.php` | High
+4 | File | `/as/authorization.oauth2` | High
+5 | File | `/blogengine/api/posts` | High
+6 | File | `/cgi-bin/luci/api/auth` | High
+7 | File | `/cgi-bin/supervisor/PwdGrp.cgi` | High
+8 | File | `/cgi-bin/wlogin.cgi` | High
+9 | File | `/DXR.axd` | Medium
 10 | File | `/event/admin/?page=user/list` | High
-11 | File | `/forum/away.php` | High
-12 | File | `/fos/admin/ajax.php?action=login` | High
-13 | File | `/goform/SysToolChangePwd` | High
-14 | File | `/goform/WifiBasicSet` | High
-15 | File | `/index/user/user_edit.html` | High
-16 | File | `/login/index.php` | High
-17 | File | `/obs/book.php` | High
-18 | File | `/products/view_product.php` | High
-19 | File | `/proxy` | Low
-20 | File | `/public/login.htm` | High
+11 | File | `/filemanager/php/connector.php` | High
+12 | File | `/forum/away.php` | High
+13 | File | `/fos/admin/ajax.php?action=login` | High
+14 | File | `/index/user/user_edit.html` | High
+15 | File | `/login/index.php` | High
+16 | File | `/modules/projects/vw_files.php` | High
+17 | File | `/products/view_product.php` | High
+18 | File | `/proxy` | Low
+19 | File | `/public/login.htm` | High
+20 | File | `/rukovoditel/index.php?module=users/login` | High
 21 | File | `/secure/QueryComponent!Default.jspa` | High
 22 | File | `/shell` | Low
 23 | File | `/spip.php` | Medium
-24 | File | `/uncpath/` | Medium
-25 | File | `/usr/bin/tddp` | High
-26 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
-27 | File | `/wp-admin/admin-ajax.php` | High
-28 | File | `/wp-admin/options.php` | High
-29 | File | `/wp-json/wc/v3/webhooks` | High
-30 | File | `/_vti_pvt/access.cnf` | High
-31 | File | `1.x/src/rogatkin/web/WarRoller.java` | High
-32 | File | `actions/UploadAction.php` | High
-33 | File | `adclick.php` | Medium
-34 | File | `add_contestant.php` | High
-35 | File | `admin/import/class-import-settings.php` | High
-36 | File | `admin/manage_user.php` | High
-37 | File | `admin/page-login.php` | High
-38 | File | `admin/panels/uploader/admin.uploader.php` | High
-39 | File | `admin/practice_pdf.php` | High
-40 | File | `admin/template/js/uploadify/uploadify.swf` | High
-41 | ... | ... | ...
+24 | File | `/usr/bin/tddp` | High
+25 | File | `/wp-admin/admin-ajax.php` | High
+26 | File | `/wp-admin/options.php` | High
+27 | File | `/wp-json/wc/v3/webhooks` | High
+28 | File | `adclick.php` | Medium
+29 | File | `add_contestant.php` | High
+30 | File | `admin.php` | Medium
+31 | File | `admin/conf_users_edit.php` | High
+32 | File | `admin/import/class-import-settings.php` | High
+33 | File | `admin/manage_user.php` | High
+34 | File | `admin/page-login.php` | High
+35 | File | `admin/practice_pdf.php` | High
+36 | File | `admin/template/js/uploadify/uploadify.swf` | High
+37 | File | `administrator/components/com_joomgallery/views/config/tmpl/default.php` | High
+38 | File | `affich.php` | Medium
+39 | ... | ... | ...
 
-There are 356 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 337 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Cuba Unknown/README.md

@@ -26,11 +26,11 @@ ID | IP address | Hostname | Campaign | Confidence
 3 | [5.101.221.128](https://vuldb.com/?ip.5.101.221.128) | - | - | High
 4 | [45.12.70.51](https://vuldb.com/?ip.45.12.70.51) | appropriate.get-eye.com | - | High
 5 | [45.12.71.51](https://vuldb.com/?ip.45.12.71.51) | - | - | High
-6 | [57.91.32.0](https://vuldb.com/?ip.57.91.32.0) | - | - | High
-7 | [94.46.63.195](https://vuldb.com/?ip.94.46.63.195) | 94-46-63-195.client.hostsrecord.com | - | High
+6 | [57.74.110.0](https://vuldb.com/?ip.57.74.110.0) | - | - | High
+7 | [57.91.32.0](https://vuldb.com/?ip.57.91.32.0) | - | - | High
 8 | ... | ... | ... | ...
 
-There are 26 more IOC items available. Please use our online service to access the data.
+There are 27 more IOC items available. Please use our online service to access the data.
 
 ## TTP - Tactics, Techniques, Procedures
 
@@ -97,24 +97,25 @@ ID | Type | Indicator | Confidence
 43 | File | `admin/param/param_func.inc.php` | High
 44 | File | `admin/y_admin.asp` | High
 45 | File | `adminer.php` | Medium
-46 | File | `administrator/components/com_media/helpers/media.php` | High
-47 | File | `admin_ok.asp` | Medium
-48 | File | `app/Core/Paginator.php` | High
-49 | File | `app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1` | High
-50 | File | `artlinks.dispnew.php` | High
-51 | File | `auth.php` | Medium
-52 | File | `auth_changepassword.php` | High
-53 | File | `bin/named/query.c` | High
-54 | File | `blank.php` | Medium
+46 | File | `administration/admins.php` | High
+47 | File | `administrator/components/com_media/helpers/media.php` | High
+48 | File | `admin_ok.asp` | Medium
+49 | File | `app/Core/Paginator.php` | High
+50 | File | `app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1` | High
+51 | File | `artlinks.dispnew.php` | High
+52 | File | `auth.php` | Medium
+53 | File | `auth_changepassword.php` | High
+54 | File | `bin/named/query.c` | High
 55 | ... | ... | ...
 
-There are 480 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 481 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 
 The following list contains _external sources_ which discuss the actor and the associated activities:
 
 * https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_cu.netset
+* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_cu.netset
 
 ## Literature
 

actors/Curious Gorge/README.md

@@ -34,7 +34,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-22 | Pathname Traversal | High
+1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
 2 | T1055 | CWE-74 | Injection | High
 3 | T1059 | CWE-94 | Cross Site Scripting | High
 4 | ... | ... | ... | ...
@@ -55,7 +55,7 @@ ID | Type | Indicator | Confidence
 6 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
 7 | ... | ... | ...
 
-There are 46 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 49 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Cyprus Unknown/README.md

@@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [GB](https://vuldb.com/?country.gb)
 * ...
 
-There are 21 more country items available. Please use our online service to access the data.
+There are 23 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -21,79 +21,109 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
 
 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
-1 | [2.59.168.0](https://vuldb.com/?ip.2.59.168.0) | - | - | High
-2 | [5.62.60.108](https://vuldb.com/?ip.5.62.60.108) | r-108-60-62-5.consumer-pool.prcdn.net | - | High
-3 | [5.62.62.104](https://vuldb.com/?ip.5.62.62.104) | r-104-62-62-5.consumer-pool.prcdn.net | - | High
-4 | [5.101.221.0](https://vuldb.com/?ip.5.101.221.0) | subnet.gcore.lu | - | High
-5 | [5.253.84.0](https://vuldb.com/?ip.5.253.84.0) | - | - | High
-6 | [5.253.86.0](https://vuldb.com/?ip.5.253.86.0) | - | - | High
-7 | [31.22.88.0](https://vuldb.com/?ip.31.22.88.0) | - | - | High
-8 | [31.153.0.0](https://vuldb.com/?ip.31.153.0.0) | - | - | High
-9 | [31.209.96.1](https://vuldb.com/?ip.31.209.96.1) | - | - | High
-10 | [31.209.96.2](https://vuldb.com/?ip.31.209.96.2) | - | - | High
-11 | [31.209.96.4](https://vuldb.com/?ip.31.209.96.4) | - | - | High
-12 | [31.209.96.8](https://vuldb.com/?ip.31.209.96.8) | - | - | High
-13 | [31.209.96.16](https://vuldb.com/?ip.31.209.96.16) | - | - | High
-14 | [31.209.96.32](https://vuldb.com/?ip.31.209.96.32) | - | - | High
-15 | [31.209.96.64](https://vuldb.com/?ip.31.209.96.64) | - | - | High
-16 | [31.209.96.128](https://vuldb.com/?ip.31.209.96.128) | - | - | High
-17 | [31.209.97.0](https://vuldb.com/?ip.31.209.97.0) | - | - | High
-18 | [31.209.98.0](https://vuldb.com/?ip.31.209.98.0) | - | - | High
-19 | [31.209.100.1](https://vuldb.com/?ip.31.209.100.1) | - | - | High
-20 | [31.209.100.2](https://vuldb.com/?ip.31.209.100.2) | - | - | High
-21 | [31.209.100.4](https://vuldb.com/?ip.31.209.100.4) | - | - | High
-22 | [31.209.100.8](https://vuldb.com/?ip.31.209.100.8) | - | - | High
-23 | [31.209.100.16](https://vuldb.com/?ip.31.209.100.16) | - | - | High
-24 | [31.209.100.32](https://vuldb.com/?ip.31.209.100.32) | - | - | High
-25 | [31.209.100.64](https://vuldb.com/?ip.31.209.100.64) | - | - | High
-26 | [31.209.100.128](https://vuldb.com/?ip.31.209.100.128) | - | - | High
-27 | [31.209.101.0](https://vuldb.com/?ip.31.209.101.0) | - | - | High
-28 | [31.209.102.0](https://vuldb.com/?ip.31.209.102.0) | - | - | High
-29 | [31.209.104.1](https://vuldb.com/?ip.31.209.104.1) | - | - | High
-30 | [31.209.104.2](https://vuldb.com/?ip.31.209.104.2) | - | - | High
-31 | [31.209.104.4](https://vuldb.com/?ip.31.209.104.4) | - | - | High
-32 | [31.209.104.8](https://vuldb.com/?ip.31.209.104.8) | - | - | High
-33 | [31.209.104.16](https://vuldb.com/?ip.31.209.104.16) | - | - | High
-34 | [31.209.104.32](https://vuldb.com/?ip.31.209.104.32) | - | - | High
-35 | [31.209.104.64](https://vuldb.com/?ip.31.209.104.64) | - | - | High
-36 | [31.209.104.128](https://vuldb.com/?ip.31.209.104.128) | - | - | High
-37 | [31.209.105.0](https://vuldb.com/?ip.31.209.105.0) | - | - | High
-38 | [31.209.106.0](https://vuldb.com/?ip.31.209.106.0) | - | - | High
-39 | [31.209.108.0](https://vuldb.com/?ip.31.209.108.0) | - | - | High
-40 | [31.216.64.0](https://vuldb.com/?ip.31.216.64.0) | - | - | High
-41 | [37.9.176.0](https://vuldb.com/?ip.37.9.176.0) | - | - | High
-42 | [37.34.3.18](https://vuldb.com/?ip.37.34.3.18) | - | - | High
-43 | [37.34.18.208](https://vuldb.com/?ip.37.34.18.208) | - | - | High
-44 | [37.149.0.0](https://vuldb.com/?ip.37.149.0.0) | - | - | High
-45 | [37.218.192.0](https://vuldb.com/?ip.37.218.192.0) | - | - | High
-46 | [45.12.70.55](https://vuldb.com/?ip.45.12.70.55) | boot-syslog.get-eye.com | - | High
-47 | [45.12.71.55](https://vuldb.com/?ip.45.12.71.55) | - | - | High
-48 | [45.132.68.0](https://vuldb.com/?ip.45.132.68.0) | - | - | High
-49 | [45.132.132.0](https://vuldb.com/?ip.45.132.132.0) | - | - | High
-50 | [45.136.8.0](https://vuldb.com/?ip.45.136.8.0) | - | - | High
-51 | [45.142.200.0](https://vuldb.com/?ip.45.142.200.0) | - | - | High
-52 | [46.16.136.0](https://vuldb.com/?ip.46.16.136.0) | - | - | High
-53 | [46.21.48.0](https://vuldb.com/?ip.46.21.48.0) | - | - | High
-54 | [46.28.176.0](https://vuldb.com/?ip.46.28.176.0) | - | - | High
-55 | [46.31.64.0](https://vuldb.com/?ip.46.31.64.0) | - | - | High
-56 | [46.31.66.0](https://vuldb.com/?ip.46.31.66.0) | - | - | High
-57 | [46.31.70.0](https://vuldb.com/?ip.46.31.70.0) | - | - | High
-58 | [46.198.0.0](https://vuldb.com/?ip.46.198.0.0) | - | - | High
-59 | [46.199.0.0](https://vuldb.com/?ip.46.199.0.0) | - | - | High
-60 | [46.251.96.0](https://vuldb.com/?ip.46.251.96.0) | - | - | High
-61 | [46.255.120.0](https://vuldb.com/?ip.46.255.120.0) | - | - | High
-62 | [62.12.64.0](https://vuldb.com/?ip.62.12.64.0) | - | - | High
-63 | [62.152.0.0](https://vuldb.com/?ip.62.152.0.0) | - | - | High
-64 | [62.228.0.0](https://vuldb.com/?ip.62.228.0.0) | - | - | High
-65 | [65.18.208.0](https://vuldb.com/?ip.65.18.208.0) | - | - | High
-66 | [66.205.64.0](https://vuldb.com/?ip.66.205.64.0) | - | - | High
-67 | [69.6.0.0](https://vuldb.com/?ip.69.6.0.0) | - | - | High
-68 | [69.94.112.0](https://vuldb.com/?ip.69.94.112.0) | - | - | High
-69 | [77.73.113.0](https://vuldb.com/?ip.77.73.113.0) | - | - | High
-70 | [77.74.56.0](https://vuldb.com/?ip.77.74.56.0) | c-77-74-56-0.customer.ggaweb.ch | - | High
-71 | ... | ... | ... | ...
+1 | [2.59.117.0](https://vuldb.com/?ip.2.59.117.0) | ptr.poyrazhosting.com.tr | - | High
+2 | [2.59.168.0](https://vuldb.com/?ip.2.59.168.0) | - | - | High
+3 | [2.109.72.0](https://vuldb.com/?ip.2.109.72.0) | - | - | High
+4 | [2.109.74.0](https://vuldb.com/?ip.2.109.74.0) | - | - | High
+5 | [5.8.18.0](https://vuldb.com/?ip.5.8.18.0) | - | - | High
+6 | [5.62.60.108](https://vuldb.com/?ip.5.62.60.108) | r-108-60-62-5.consumer-pool.prcdn.net | - | High
+7 | [5.62.62.104](https://vuldb.com/?ip.5.62.62.104) | r-104-62-62-5.consumer-pool.prcdn.net | - | High
+8 | [5.101.221.0](https://vuldb.com/?ip.5.101.221.0) | subnet.gcore.lu | - | High
+9 | [5.188.86.0](https://vuldb.com/?ip.5.188.86.0) | - | - | High
+10 | [5.253.84.0](https://vuldb.com/?ip.5.253.84.0) | - | - | High
+11 | [5.253.86.0](https://vuldb.com/?ip.5.253.86.0) | - | - | High
+12 | [31.22.88.0](https://vuldb.com/?ip.31.22.88.0) | - | - | High
+13 | [31.22.92.0](https://vuldb.com/?ip.31.22.92.0) | - | - | High
+14 | [31.25.228.0](https://vuldb.com/?ip.31.25.228.0) | - | - | High
+15 | [31.25.230.0](https://vuldb.com/?ip.31.25.230.0) | - | - | High
+16 | [31.153.0.0](https://vuldb.com/?ip.31.153.0.0) | - | - | High
+17 | [31.153.128.0](https://vuldb.com/?ip.31.153.128.0) | - | - | High
+18 | [31.153.192.0](https://vuldb.com/?ip.31.153.192.0) | - | - | High
+19 | [31.153.209.0](https://vuldb.com/?ip.31.153.209.0) | - | - | High
+20 | [31.153.210.0](https://vuldb.com/?ip.31.153.210.0) | - | - | High
+21 | [31.153.212.0](https://vuldb.com/?ip.31.153.212.0) | - | - | High
+22 | [31.153.216.0](https://vuldb.com/?ip.31.153.216.0) | - | - | High
+23 | [31.153.224.0](https://vuldb.com/?ip.31.153.224.0) | - | - | High
+24 | [31.209.96.0](https://vuldb.com/?ip.31.209.96.0) | - | - | High
+25 | [31.209.96.1](https://vuldb.com/?ip.31.209.96.1) | - | - | High
+26 | [31.209.96.2](https://vuldb.com/?ip.31.209.96.2) | - | - | High
+27 | [31.209.96.4](https://vuldb.com/?ip.31.209.96.4) | - | - | High
+28 | [31.209.96.8](https://vuldb.com/?ip.31.209.96.8) | - | - | High
+29 | [31.209.96.16](https://vuldb.com/?ip.31.209.96.16) | - | - | High
+30 | [31.209.96.32](https://vuldb.com/?ip.31.209.96.32) | - | - | High
+31 | [31.209.96.64](https://vuldb.com/?ip.31.209.96.64) | - | - | High
+32 | [31.209.96.128](https://vuldb.com/?ip.31.209.96.128) | - | - | High
+33 | [31.209.97.0](https://vuldb.com/?ip.31.209.97.0) | - | - | High
+34 | [31.209.98.0](https://vuldb.com/?ip.31.209.98.0) | - | - | High
+35 | [31.209.100.1](https://vuldb.com/?ip.31.209.100.1) | - | - | High
+36 | [31.209.100.2](https://vuldb.com/?ip.31.209.100.2) | - | - | High
+37 | [31.209.100.4](https://vuldb.com/?ip.31.209.100.4) | - | - | High
+38 | [31.209.100.8](https://vuldb.com/?ip.31.209.100.8) | - | - | High
+39 | [31.209.100.16](https://vuldb.com/?ip.31.209.100.16) | - | - | High
+40 | [31.209.100.32](https://vuldb.com/?ip.31.209.100.32) | - | - | High
+41 | [31.209.100.64](https://vuldb.com/?ip.31.209.100.64) | - | - | High
+42 | [31.209.100.128](https://vuldb.com/?ip.31.209.100.128) | - | - | High
+43 | [31.209.101.0](https://vuldb.com/?ip.31.209.101.0) | - | - | High
+44 | [31.209.102.0](https://vuldb.com/?ip.31.209.102.0) | - | - | High
+45 | [31.209.104.1](https://vuldb.com/?ip.31.209.104.1) | - | - | High
+46 | [31.209.104.2](https://vuldb.com/?ip.31.209.104.2) | - | - | High
+47 | [31.209.104.4](https://vuldb.com/?ip.31.209.104.4) | - | - | High
+48 | [31.209.104.8](https://vuldb.com/?ip.31.209.104.8) | - | - | High
+49 | [31.209.104.16](https://vuldb.com/?ip.31.209.104.16) | - | - | High
+50 | [31.209.104.32](https://vuldb.com/?ip.31.209.104.32) | - | - | High
+51 | [31.209.104.64](https://vuldb.com/?ip.31.209.104.64) | - | - | High
+52 | [31.209.104.128](https://vuldb.com/?ip.31.209.104.128) | - | - | High
+53 | [31.209.105.0](https://vuldb.com/?ip.31.209.105.0) | - | - | High
+54 | [31.209.106.0](https://vuldb.com/?ip.31.209.106.0) | - | - | High
+55 | [31.209.108.0](https://vuldb.com/?ip.31.209.108.0) | - | - | High
+56 | [31.216.64.0](https://vuldb.com/?ip.31.216.64.0) | - | - | High
+57 | [37.9.176.0](https://vuldb.com/?ip.37.9.176.0) | - | - | High
+58 | [37.9.178.0](https://vuldb.com/?ip.37.9.178.0) | - | - | High
+59 | [37.9.181.0](https://vuldb.com/?ip.37.9.181.0) | - | - | High
+60 | [37.9.182.0](https://vuldb.com/?ip.37.9.182.0) | - | - | High
+61 | [37.34.3.18](https://vuldb.com/?ip.37.34.3.18) | - | - | High
+62 | [37.34.18.208](https://vuldb.com/?ip.37.34.18.208) | - | - | High
+63 | [37.149.0.0](https://vuldb.com/?ip.37.149.0.0) | - | - | High
+64 | [37.152.75.0](https://vuldb.com/?ip.37.152.75.0) | - | - | High
+65 | [37.218.192.0](https://vuldb.com/?ip.37.218.192.0) | - | - | High
+66 | [37.218.200.0](https://vuldb.com/?ip.37.218.200.0) | - | - | High
+67 | [38.73.228.0](https://vuldb.com/?ip.38.73.228.0) | - | - | High
+68 | [38.134.113.0](https://vuldb.com/?ip.38.134.113.0) | - | - | High
+69 | [45.12.70.55](https://vuldb.com/?ip.45.12.70.55) | boot-syslog.get-eye.com | - | High
+70 | [45.12.71.55](https://vuldb.com/?ip.45.12.71.55) | - | - | High
+71 | [45.84.59.0](https://vuldb.com/?ip.45.84.59.0) | - | - | High
+72 | [45.89.23.0](https://vuldb.com/?ip.45.89.23.0) | - | - | High
+73 | [45.130.120.0](https://vuldb.com/?ip.45.130.120.0) | - | - | High
+74 | [45.132.68.0](https://vuldb.com/?ip.45.132.68.0) | - | - | High
+75 | [45.132.132.0](https://vuldb.com/?ip.45.132.132.0) | - | - | High
+76 | [45.136.8.0](https://vuldb.com/?ip.45.136.8.0) | - | - | High
+77 | [45.142.200.0](https://vuldb.com/?ip.45.142.200.0) | - | - | High
+78 | [46.16.136.0](https://vuldb.com/?ip.46.16.136.0) | - | - | High
+79 | [46.21.48.0](https://vuldb.com/?ip.46.21.48.0) | - | - | High
+80 | [46.28.176.0](https://vuldb.com/?ip.46.28.176.0) | - | - | High
+81 | [46.31.64.0](https://vuldb.com/?ip.46.31.64.0) | - | - | High
+82 | [46.31.66.0](https://vuldb.com/?ip.46.31.66.0) | - | - | High
+83 | [46.31.70.0](https://vuldb.com/?ip.46.31.70.0) | - | - | High
+84 | [46.106.200.0](https://vuldb.com/?ip.46.106.200.0) | - | - | High
+85 | [46.198.0.0](https://vuldb.com/?ip.46.198.0.0) | - | - | High
+86 | [46.199.0.0](https://vuldb.com/?ip.46.199.0.0) | - | - | High
+87 | [46.235.156.0](https://vuldb.com/?ip.46.235.156.0) | - | - | High
+88 | [46.251.96.0](https://vuldb.com/?ip.46.251.96.0) | - | - | High
+89 | [46.255.120.0](https://vuldb.com/?ip.46.255.120.0) | - | - | High
+90 | [46.255.122.0](https://vuldb.com/?ip.46.255.122.0) | - | - | High
+91 | [46.255.126.0](https://vuldb.com/?ip.46.255.126.0) | - | - | High
+92 | [57.79.196.0](https://vuldb.com/?ip.57.79.196.0) | - | - | High
+93 | [62.12.64.0](https://vuldb.com/?ip.62.12.64.0) | - | - | High
+94 | [62.12.81.0](https://vuldb.com/?ip.62.12.81.0) | unassigned.maks.net | - | High
+95 | [62.12.82.0](https://vuldb.com/?ip.62.12.82.0) | - | - | High
+96 | [62.12.84.0](https://vuldb.com/?ip.62.12.84.0) | - | - | High
+97 | [62.12.88.0](https://vuldb.com/?ip.62.12.88.0) | - | - | High
+98 | [62.122.188.0](https://vuldb.com/?ip.62.122.188.0) | - | - | High
+99 | [62.152.0.0](https://vuldb.com/?ip.62.152.0.0) | - | - | High
+100 | [62.204.37.0](https://vuldb.com/?ip.62.204.37.0) | - | - | High
+101 | ... | ... | ... | ...
 
-There are 279 more IOC items available. Please use our online service to access the data.
+There are 398 more IOC items available. Please use our online service to access the data.
 
 ## TTP - Tactics, Techniques, Procedures
 
@@ -101,7 +131,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
+1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
 2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
 4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
@@ -117,72 +147,77 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `.github/workflows/combine-prs.yml` | High
-2 | File | `.htaccess` | Medium
-3 | File | `/Admin/add-student.php` | High
-4 | File | `/admin/api/admin/articles/` | High
-5 | File | `/admin/conferences/list/` | High
-6 | File | `/admin/edit_admin_details.php?id=admin` | High
-7 | File | `/admin/generalsettings.php` | High
-8 | File | `/Admin/login.php` | High
-9 | File | `/admin/payment.php` | High
-10 | File | `/admin/reports.php` | High
-11 | File | `/admin/showbad.php` | High
-12 | File | `/apilog.php` | Medium
-13 | File | `/cgi-bin/kerbynet` | High
-14 | File | `/cgi-bin/wlogin.cgi` | High
-15 | File | `/connectors/index.php` | High
-16 | File | `/dev/block/mmcblk0rpmb` | High
-17 | File | `/dms/admin/reports/daily_collection_report.php` | High
-18 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
-19 | File | `/face-recognition-php/facepay-master/camera.php` | High
-20 | File | `/forum/away.php` | High
-21 | File | `/fos/admin/ajax.php?action=login` | High
-22 | File | `/fos/admin/index.php?page=menu` | High
+2 | File | `/Admin/add-student.php` | High
+3 | File | `/admin/api/admin/articles/` | High
+4 | File | `/Admin/login.php` | High
+5 | File | `/admin/showbad.php` | High
+6 | File | `/admin/subnets/ripe-query.php` | High
+7 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
+8 | File | `/adms/admin/?page=vehicles/view_transaction` | High
+9 | File | `/apilog.php` | Medium
+10 | File | `/APR/login.php` | High
+11 | File | `/bin/httpd` | Medium
+12 | File | `/cgi-bin/wapopen` | High
+13 | File | `/cgi-bin/wlogin.cgi` | High
+14 | File | `/connectors/index.php` | High
+15 | File | `/dev/block/mmcblk0rpmb` | High
+16 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
+17 | File | `/face-recognition-php/facepay-master/camera.php` | High
+18 | File | `/forum/away.php` | High
+19 | File | `/fos/admin/ajax.php?action=login` | High
+20 | File | `/fos/admin/index.php?page=menu` | High
+21 | File | `/home/masterConsole` | High
+22 | File | `/home/sendBroadcast` | High
 23 | File | `/hrm/employeeadd.php` | High
 24 | File | `/hrm/employeeview.php` | High
 25 | File | `/index.php` | Medium
-26 | File | `/Items/*/RemoteImages/Download` | High
-27 | File | `/items/view_item.php` | High
-28 | File | `/jsoa/hntdCustomDesktopActionContent` | High
-29 | File | `/lists/admin/` | High
-30 | File | `/lookin/info` | Medium
-31 | File | `/MagickCore/image.c` | High
-32 | File | `/manager/index.php` | High
-33 | File | `/medical/inventories.php` | High
-34 | File | `/modules/profile/index.php` | High
-35 | File | `/modules/projects/vw_files.php` | High
-36 | File | `/modules/public/calendar.php` | High
-37 | File | `/newsDia.php` | Medium
-38 | File | `/out.php` | Medium
-39 | File | `/proxy` | Low
-40 | File | `/public/launchNewWindow.jsp` | High
-41 | File | `/Redcock-Farm/farm/category.php` | High
-42 | File | `/reports/rwservlet` | High
-43 | File | `/sacco_shield/manage_user.php` | High
-44 | File | `/spip.php` | Medium
-45 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
-46 | File | `/staff/bookdetails.php` | High
-47 | File | `/TeleoptiWFM/Administration/GetOneTenant` | High
-48 | File | `/user/update_booking.php` | High
-49 | File | `/WEB-INF/web.xml` | High
-50 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
+26 | File | `/items/view_item.php` | High
+27 | File | `/jsoa/hntdCustomDesktopActionContent` | High
+28 | File | `/lookin/info` | Medium
+29 | File | `/manager/index.php` | High
+30 | File | `/medical/inventories.php` | High
+31 | File | `/modules/profile/index.php` | High
+32 | File | `/modules/projects/vw_files.php` | High
+33 | File | `/modules/public/calendar.php` | High
+34 | File | `/mygym/admin/index.php?view_exercises` | High
+35 | File | `/newsDia.php` | Medium
+36 | File | `/out.php` | Medium
+37 | File | `/php-opos/index.php` | High
+38 | File | `/proxy` | Low
+39 | File | `/public/launchNewWindow.jsp` | High
+40 | File | `/Redcock-Farm/farm/category.php` | High
+41 | File | `/reports/rwservlet` | High
+42 | File | `/sacco_shield/manage_user.php` | High
+43 | File | `/spip.php` | Medium
+44 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
+45 | File | `/staff/bookdetails.php` | High
+46 | File | `/uncpath/` | Medium
+47 | File | `/user/update_booking.php` | High
+48 | File | `/WEB-INF/web.xml` | High
+49 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
+50 | File | `/wireless/security.asp` | High
 51 | File | `/wordpress/wp-admin/options-general.php` | High
 52 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
 53 | File | `01article.php` | High
 54 | File | `AbstractScheduleJob.java` | High
 55 | File | `actionphp/download.File.php` | High
-56 | File | `AdClass.php` | Medium
+56 | File | `activenews_view.asp` | High
 57 | File | `adclick.php` | Medium
 58 | File | `addtocart.asp` | High
-59 | ... | ... | ...
+59 | File | `admin.php` | Medium
+60 | File | `admin/abc.php` | High
+61 | File | `admin/admin.php?action=users&mode=info&user=2` | High
+62 | File | `admin/admin/adminsave.html` | High
+63 | ... | ... | ...
 
-There are 520 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 556 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 
 The following list contains _external sources_ which discuss the actor and the associated activities:
 
 * https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_cy.netset
+* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_cy.netset
 
 ## Literature
 

actors/Dalbit/README.md

@@ -54,7 +54,7 @@ ID | Type | Indicator | Confidence
 3 | File | `/uncpath/` | Medium
 4 | ... | ... | ...
 
-There are 24 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 25 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/DanaBot/README.md

@@ -74,9 +74,10 @@ ID | Type | Indicator | Confidence
 19 | File | `add_comment.php` | High
 20 | File | `admin.php` | Medium
 21 | File | `admin/admin.shtml` | High
-22 | ... | ... | ...
+22 | File | `admin/content.php` | High
+23 | ... | ... | ...
 
-There are 186 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 189 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Dark Caracal/README.md

@@ -59,7 +59,7 @@ ID | Type | Indicator | Confidence
 10 | File | `archivejson.cgi` | High
 11 | ... | ... | ...
 
-There are 81 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 83 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/DarkHydrus/README.md

@@ -58,7 +58,7 @@ ID | Type | Indicator | Confidence
 8 | File | `add_comment.php` | High
 9 | ... | ... | ...
 
-There are 62 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 64 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/DarkWatchman/README.md

@@ -4,6 +4,12 @@ These _indicators_ were reported, collected, and generated during the [VulDB CTI
 
 _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.darkwatchman](https://vuldb.com/?actor.darkwatchman)
 
+## Countries
+
+These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with DarkWatchman:
+
+* [CN](https://vuldb.com/?country.cn)
+
 ## IOC - Indicator of Compromise
 
 These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of DarkWatchman.
@@ -12,6 +18,14 @@ ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
 1 | [45.156.27.245](https://vuldb.com/?ip.45.156.27.245) | dasee-1.net7.dns.cloudbackbone.net | - | High
 
+## TTP - Tactics, Techniques, Procedures
+
+_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _DarkWatchman_. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Technique | Weakness | Description | Confidence
+-- | --------- | -------- | ----------- | ----------
+1 | T1600 | CWE-310 | J2EE Misconfiguration: Data Transmission Without Encryption | High
+
 ## References
 
 The following list contains _external sources_ which discuss the actor and the associated activities:

actors/DePriMon/README.md

@@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [BR](https://vuldb.com/?country.br)
 * ...
 
-There are 6 more country items available. Please use our online service to access the data.
+There are 7 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -55,11 +55,11 @@ ID | Type | Indicator | Confidence
 6 | File | `/wp-admin/admin-post.php?es_skip=1&option_name` | High
 7 | File | `admin/google_search_console/class-gsc-table.php` | High
 8 | File | `administrator/components/com_media/helpers/media.php` | High
-9 | File | `cgi-bin/qcmap_web_cgi` | High
-10 | File | `class/debug/debug_show.php` | High
+9 | File | `appserv/main.php` | High
+10 | File | `cgi-bin/qcmap_web_cgi` | High
 11 | ... | ... | ...
 
-There are 83 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 85 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Dealply/README.md

@@ -9,6 +9,7 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Dealply:
 
 * [IT](https://vuldb.com/?country.it)
+* [US](https://vuldb.com/?country.us)
 
 ## IOC - Indicator of Compromise
 
@@ -33,13 +34,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-22, CWE-23, CWE-24, CWE-27, CWE-29 | Pathname Traversal | High
-2 | T1055 | CWE-74 | Injection | High
-3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
-4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+1 | T1006 | CWE-22, CWE-23, CWE-24, CWE-25, CWE-27, CWE-29 | Pathname Traversal | High
+2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
 5 | ... | ... | ... | ...
 
-There are 18 more TTP items available. Please use our online service to access the data.
+There are 17 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -47,51 +48,59 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/admin.php/accessory/filesdel.html` | High
-2 | File | `/admin.php/update/getFile.html` | High
-3 | File | `/admin/?page=user/manage` | High
-4 | File | `/admin/add-new.php` | High
-5 | File | `/admin/ajax.php` | High
-6 | File | `/admin/content/index` | High
-7 | File | `/admin/convert/export_z3950_new.php` | High
-8 | File | `/admin/delete_user.php` | High
-9 | File | `/admin/doctors.php` | High
-10 | File | `/admin/edit-doc.php` | High
-11 | File | `/admin/index3.php` | High
-12 | File | `/admin/login.php` | High
-13 | File | `/admin/main/mod-blog` | High
-14 | File | `/admin/manage_user.php` | High
-15 | File | `/admin/navbar.php` | High
-16 | File | `/admin/patient.php` | High
-17 | File | `/admin/upload` | High
-18 | File | `/admin/view_order.php` | High
-19 | File | `/admin1/config/update` | High
-20 | File | `/admin1/file/download` | High
-21 | File | `/agc/vicidial.php` | High
-22 | File | `/ajax/update_certificate` | High
-23 | File | `/alphaware/summary.php` | High
-24 | File | `/api/admin/system/store/order/list` | High
-25 | File | `/api/admin/user/list` | High
-26 | File | `/api/jmeter/download/files` | High
-27 | File | `/APR/login.php` | High
-28 | File | `/APR/signup.php` | High
-29 | File | `/billing/home.php` | High
-30 | File | `/boat/login.php` | High
-31 | File | `/cgi-bin/mainfunction.cgi` | High
-32 | File | `/cgi-bin/mft/wireless_mft` | High
-33 | File | `/data/config.ftp.php` | High
-34 | File | `/databases/database/edit` | High
-35 | File | `/databases/database/list` | High
-36 | File | `/databases/table/columns` | High
-37 | File | `/databases/table/list` | High
-38 | File | `/dist/index.js` | High
-39 | File | `/editor/index.php` | High
-40 | File | `/edoc/doctor/patient.php` | High
-41 | File | `/eduauth/student/search.php` | High
-42 | File | `/etc/init.d/openfire` | High
-43 | ... | ... | ...
+1 | File | `/admin.php/appcenter/local.html?type=addon` | High
+2 | File | `/admin.php?controller=admin_commonuser` | High
+3 | File | `/admin/ajax.php` | High
+4 | File | `/admin/assign/assign.php` | High
+5 | File | `/admin/content/index` | High
+6 | File | `/admin/convert/export_z3950_new.php` | High
+7 | File | `/admin/delete_user.php` | High
+8 | File | `/admin/getallarticleinfo` | High
+9 | File | `/admin/login.php` | High
+10 | File | `/admin/manage_user.php` | High
+11 | File | `/admin/navbar.php` | High
+12 | File | `/admin/reports/index.php` | High
+13 | File | `/admin/robot/approval/list` | High
+14 | File | `/admin/upload` | High
+15 | File | `/admin/view_order.php` | High
+16 | File | `/admin1/file/download` | High
+17 | File | `/admin_system/api.php` | High
+18 | File | `/agc/vicidial.php` | High
+19 | File | `/alphaware/details.php` | High
+20 | File | `/analysisProject/pagingQueryData` | High
+21 | File | `/api/admin/store/product/list` | High
+22 | File | `/api/admin/store/product/save` | High
+23 | File | `/api/admin/user/list` | High
+24 | File | `/api/jmeter/download/files` | High
+25 | File | `/api/upload` | Medium
+26 | File | `/batm/app/admin/standalone/deployments` | High
+27 | File | `/billing/home.php` | High
+28 | File | `/bookstore/bookPerPub.php` | High
+29 | File | `/bsenordering/index.php` | High
+30 | File | `/churchcrm/EventAttendance.php` | High
+31 | File | `/common/sysFile/list` | High
+32 | File | `/databases/database/edit` | High
+33 | File | `/databases/database/list` | High
+34 | File | `/databases/table/columns` | High
+35 | File | `/databases/table/list` | High
+36 | File | `/ecommerce/admin/category/controller.php` | High
+37 | File | `/ecommerce/admin/settings/setDiscount.php` | High
+38 | File | `/ecommerce/admin/user/controller.php?action=edit` | High
+39 | File | `/eduauth/student/search.php` | High
+40 | File | `/etc/init.d/openfire` | High
+41 | File | `/feeds/post/publish` | High
+42 | File | `/files/list-file` | High
+43 | File | `/file_manager/login.php` | High
+44 | File | `/geoserver/rest/about/status` | High
+45 | File | `/https_redirect.php` | High
+46 | File | `/kruxton/manage_user.php` | High
+47 | File | `/kruxton/navbar.php` | High
+48 | File | `/kruxton/receipt.php` | High
+49 | File | `/kruxton/sales_report.php` | High
+50 | File | `/NotrinosERP/sales/customer_delivery.php` | High
+51 | ... | ... | ...
 
-There are 372 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 447 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/DetaRAT/README.md

@@ -46,7 +46,7 @@ ID | Type | Indicator | Confidence
 4 | File | `data/gbconfiguration.dat` | High
 5 | ... | ... | ...
 
-There are 27 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 29 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Donot/README.md

@@ -16,11 +16,11 @@ The following _campaigns_ are known and can be associated with Donot:
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Donot:
 
 * [US](https://vuldb.com/?country.us)
-* [CH](https://vuldb.com/?country.ch)
 * [CN](https://vuldb.com/?country.cn)
+* [CH](https://vuldb.com/?country.ch)
 * ...
 
-There are 5 more country items available. Please use our online service to access the data.
+There are 7 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -54,7 +54,7 @@ ID | Technique | Weakness | Description | Confidence
 4 | T1059 | CWE-94 | Cross Site Scripting | High
 5 | ... | ... | ... | ...
 
-There are 15 more TTP items available. Please use our online service to access the data.
+There are 17 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -95,9 +95,11 @@ ID | Type | Indicator | Confidence
 31 | File | `/dashboard/add-blog.php` | High
 32 | File | `/dashboard/add-portfolio.php` | High
 33 | File | `/dashboard/settings` | High
-34 | ... | ... | ...
+34 | File | `/downloadmaster/dm_apply.cgi?action_mode=initial&download_type=General&special_cgi=get_language` | High
+35 | File | `/film-rating.php` | High
+36 | ... | ... | ...
 
-There are 292 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 304 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Earth Kitsune/README.md

@@ -15,8 +15,11 @@ The following _campaigns_ are known and can be associated with Earth Kitsune:
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Earth Kitsune:
 
 * [US](https://vuldb.com/?country.us)
+* [RU](https://vuldb.com/?country.ru)
 * [CN](https://vuldb.com/?country.cn)
-* [GB](https://vuldb.com/?country.gb)
+* ...
+
+There are 1 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 

actors/Emotet/README.md

@@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [US](https://vuldb.com/?country.us)
 * ...
 
-There are 14 more country items available. Please use our online service to access the data.
+There are 9 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -813,7 +813,7 @@ ID | IP address | Hostname | Campaign | Confidence
 790 | [64.227.100.222](https://vuldb.com/?ip.64.227.100.222) | - | - | High
 791 | ... | ... | ... | ...
 
-There are 3160 more IOC items available. Please use our online service to access the data.
+There are 3161 more IOC items available. Please use our online service to access the data.
 
 ## TTP - Tactics, Techniques, Procedures
 
@@ -822,13 +822,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-425 | Pathname Traversal | High
-2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
+2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
-4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
+4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 6 | ... | ... | ... | ...
 
-There are 18 more TTP items available. Please use our online service to access the data.
+There are 20 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -836,34 +836,49 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/.dbus-keyrings` | High
-2 | File | `/.env` | Low
-3 | File | `/api/blade-log/api/list` | High
-4 | File | `/bin/sh` | Low
-5 | File | `/cgi-bin/wlogin.cgi` | High
-6 | File | `/cimom` | Low
-7 | File | `/context/%2e/WEB-INF/web.xml` | High
-8 | File | `/data/wps.setup.json` | High
-9 | File | `/debug/pprof` | Medium
-10 | File | `/forum/away.php` | High
-11 | File | `/forum/PostPrivateMessage` | High
-12 | File | `/officescan/console/html/cgi/fcgiOfcDDA.exe` | High
-13 | File | `/public/login.htm` | High
-14 | File | `/secure/QueryComponent!Default.jspa` | High
-15 | File | `/spip.php` | Medium
-16 | File | `/usr/bin/pkexec` | High
-17 | File | `/wp-admin/admin-ajax.php` | High
-18 | File | `/wp-admin/options.php` | High
-19 | File | `/wp-json/oembed/1.0/embed?url` | High
-20 | File | `adclick.php` | Medium
-21 | File | `adminer.php` | Medium
-22 | File | `api.php` | Low
-23 | File | `APKINDEX.tar.gz` | High
-24 | File | `AtlTraceTool8.exe` | High
-25 | File | `AutomaticZenRule.java` | High
-26 | ... | ... | ...
+1 | File | `//` | Low
+2 | File | `/admin.php/accessory/filesdel.html` | High
+3 | File | `/admin/?page=user/manage` | High
+4 | File | `/admin/add-new.php` | High
+5 | File | `/admin/delete_user.php` | High
+6 | File | `/admin/doctors.php` | High
+7 | File | `/admin/patient.php` | High
+8 | File | `/alphaware/summary.php` | High
+9 | File | `/api/` | Low
+10 | File | `/api/admin/system/store/order/list` | High
+11 | File | `/api/jmeter/download/files` | High
+12 | File | `/api/upload` | Medium
+13 | File | `/APR/login.php` | High
+14 | File | `/boat/login.php` | High
+15 | File | `/carbon/ndatasource/validateconnection/ajaxprocessor.jsp` | High
+16 | File | `/cgi-bin/supervisor/PwdGrp.cgi` | High
+17 | File | `/cgi-bin/wlogin.cgi` | High
+18 | File | `/common/sysFile/list` | High
+19 | File | `/debug/pprof` | Medium
+20 | File | `/DXR.axd` | Medium
+21 | File | `/etc/sudoers` | Medium
+22 | File | `/filemanager/php/connector.php` | High
+23 | File | `/files/import` | High
+24 | File | `/forum/away.php` | High
+25 | File | `/getcfg.php` | Medium
+26 | File | `/goform/addressNat` | High
+27 | File | `/home/www/cgi-bin/login.cgi` | High
+28 | File | `/j_security_check` | High
+29 | File | `/librarian/bookdetails.php` | High
+30 | File | `/mhds/clinic/view_details.php` | High
+31 | File | `/modules/projects/vw_files.php` | High
+32 | File | `/reservation/add_message.php` | High
+33 | File | `/rom-0` | Low
+34 | File | `/rukovoditel/index.php?module=users/login` | High
+35 | File | `/secure/QueryComponent!Default.jspa` | High
+36 | File | `/static/ueditor/php/controller.php` | High
+37 | File | `/usr/bin/at` | Medium
+38 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
+39 | File | `/wabt/bin/poc.wasm` | High
+40 | File | `/wireless/security.asp` | High
+41 | ... | ... | ...
 
-There are 222 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 354 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 
@@ -970,6 +985,7 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://github.com/A-dd-Y/secops/blob/main/MalwareIOC/triage-emotet-c2.txt
 * https://github.com/blackorbird/APT_REPORT/blob/master/cybercrime/emotet/Emotet_Exposed_A_Look_Inside_the_Cybercriminal_Supply_Chain.pdf
 * https://github.com/Cisco-Talos/IOCs/blob/main/2022/11/Emotet_contacted_ips.txt
+* https://github.com/Cisco-Talos/IOCs/blob/main/2023/03/emotet-switches-to-onenote.txt
 * https://github.com/executemalware/Malware-IOCs/blob/main/2021-11-17%20Emotet%20IOCs
 * https://github.com/executemalware/Malware-IOCs/blob/main/2021-12-09%20Emotet%20IOCs
 * https://github.com/executemalware/Malware-IOCs/blob/main/2022-01-20%20Emotet%20IOCs

actors/Equation/README.md

@@ -14,12 +14,12 @@ The following _campaigns_ are known and can be associated with Equation:
 
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Equation:
 
-* [ES](https://vuldb.com/?country.es)
-* [US](https://vuldb.com/?country.us)
-* [GB](https://vuldb.com/?country.gb)
+* [KE](https://vuldb.com/?country.ke)
+* [PK](https://vuldb.com/?country.pk)
+* [KR](https://vuldb.com/?country.kr)
 * ...
 
-There are 4 more country items available. Please use our online service to access the data.
+There are 1 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -28,14 +28,62 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
 1 | [41.222.35.70](https://vuldb.com/?ip.41.222.35.70) | 70.35.static.rdns.co.za | - | High
-2 | [62.216.152.67](https://vuldb.com/?ip.62.216.152.67) | - | - | High
-3 | [64.76.82.52](https://vuldb.com/?ip.64.76.82.52) | c647682-52.static.impsat.com.co | - | High
-4 | [80.77.4.3](https://vuldb.com/?ip.80.77.4.3) | - | - | High
-5 | [81.31.34.175](https://vuldb.com/?ip.81.31.34.175) | 81-31-34-175.static.masterinter.net | - | High
-6 | [81.31.36.174](https://vuldb.com/?ip.81.31.36.174) | vl504.sl509s.r1-3.dc1.4d.prg.masterinter.net | - | High
-7 | ... | ... | ... | ...
+2 | [61.0.0.46](https://vuldb.com/?ip.61.0.0.46) | - | - | High
+3 | [61.0.0.71](https://vuldb.com/?ip.61.0.0.71) | - | - | High
+4 | [61.1.64.45](https://vuldb.com/?ip.61.1.64.45) | - | - | High
+5 | [61.1.128.17](https://vuldb.com/?ip.61.1.128.17) | - | - | High
+6 | [61.1.128.71](https://vuldb.com/?ip.61.1.128.71) | - | - | High
+7 | [62.56.174.152](https://vuldb.com/?ip.62.56.174.152) | - | - | High
+8 | [62.76.114.22](https://vuldb.com/?ip.62.76.114.22) | - | - | High
+9 | [62.116.144.147](https://vuldb.com/?ip.62.116.144.147) | live.onsite-it.net | - | High
+10 | [62.116.144.150](https://vuldb.com/?ip.62.116.144.150) | onsite.onsite-it.net | - | High
+11 | [62.116.144.190](https://vuldb.com/?ip.62.116.144.190) | acronistest.kuhlma-cloud.de | - | High
+12 | [62.216.152.67](https://vuldb.com/?ip.62.216.152.67) | - | - | High
+13 | [64.76.82.52](https://vuldb.com/?ip.64.76.82.52) | c647682-52.static.impsat.com.co | - | High
+14 | [66.128.32.67](https://vuldb.com/?ip.66.128.32.67) | host-67-32-128-66.rev.itelsa.com.ar | - | High
+15 | [66.128.32.68](https://vuldb.com/?ip.66.128.32.68) | host-68-32-128-66.rev.itelsa.com.ar | - | High
+16 | [80.77.4.3](https://vuldb.com/?ip.80.77.4.3) | - | - | High
+17 | [80.82.162.118](https://vuldb.com/?ip.80.82.162.118) | - | - | High
+18 | [80.191.2.2](https://vuldb.com/?ip.80.191.2.2) | - | - | High
+19 | [81.31.34.175](https://vuldb.com/?ip.81.31.34.175) | 81-31-34-175.static.masterinter.net | - | High
+20 | [81.31.36.174](https://vuldb.com/?ip.81.31.36.174) | vl504.sl509s.r1-3.dc1.4d.prg.masterinter.net | - | High
+21 | [81.31.38.163](https://vuldb.com/?ip.81.31.38.163) | 81-31-38-163.static.masterinter.net | - | High
+22 | [81.31.38.166](https://vuldb.com/?ip.81.31.38.166) | 81-31-38-166.static.masterinter.net | - | High
+23 | [81.94.47.83](https://vuldb.com/?ip.81.94.47.83) | - | - | High
+24 | [82.192.68.37](https://vuldb.com/?ip.82.192.68.37) | - | - | High
+25 | [84.233.205.99](https://vuldb.com/?ip.84.233.205.99) | - | - | High
+26 | [85.112.1.83](https://vuldb.com/?ip.85.112.1.83) | - | - | High
+27 | [87.255.38.2](https://vuldb.com/?ip.87.255.38.2) | - | - | High
+28 | [88.147.128.28](https://vuldb.com/?ip.88.147.128.28) | mail.san.ru | - | High
+29 | [89.18.177.3](https://vuldb.com/?ip.89.18.177.3) | 89-18-177-3.reasonnet.com | - | High
+30 | [109.71.45.115](https://vuldb.com/?ip.109.71.45.115) | smtp-out.wisdomgroup.pt | Gauss | High
+31 | [125.10.31.145](https://vuldb.com/?ip.125.10.31.145) | 125-10-31-145.rev.home.ne.jp | - | High
+32 | [129.187.244.204](https://vuldb.com/?ip.129.187.244.204) | mailrelay2.rz.fh-muenchen.de | - | High
+33 | [129.194.41.4](https://vuldb.com/?ip.129.194.41.4) | - | - | High
+34 | [129.194.49.47](https://vuldb.com/?ip.129.194.49.47) | - | - | High
+35 | [129.194.97.8](https://vuldb.com/?ip.129.194.97.8) | - | - | High
+36 | [130.34.115.132](https://vuldb.com/?ip.130.34.115.132) | ns2.chem.tohoku.ac.jp | - | High
+37 | [130.134.115.132](https://vuldb.com/?ip.130.134.115.132) | - | - | High
+38 | [130.237.234.3](https://vuldb.com/?ip.130.237.234.3) | milko.stacken.kth.se | - | High
+39 | [130.237.234.17](https://vuldb.com/?ip.130.237.234.17) | ns.stacken.kth.se | - | High
+40 | [130.237.234.51](https://vuldb.com/?ip.130.237.234.51) | - | - | High
+41 | [130.237.234.53](https://vuldb.com/?ip.130.237.234.53) | ns53.stacken.kth.se | - | High
+42 | [130.237.234.151](https://vuldb.com/?ip.130.237.234.151) | mount-kilimanjaro.stacken.kth.se | - | High
+43 | [130.237.234.152](https://vuldb.com/?ip.130.237.234.152) | snacks.stacken.kth.se | - | High
+44 | [131.188.3.200](https://vuldb.com/?ip.131.188.3.200) | reserved.rrze.uni-erlangen.de | - | High
+45 | [132.248.10.2](https://vuldb.com/?ip.132.248.10.2) | dns2.unam.mx | - | High
+46 | [132.248.204.1](https://vuldb.com/?ip.132.248.204.1) | dns1.unam.mx | - | High
+47 | [132.248.253.1](https://vuldb.com/?ip.132.248.253.1) | ve53.zc-dist.unam.mx | - | High
+48 | [133.3.5.2](https://vuldb.com/?ip.133.3.5.2) | pfdsun.kuicr.kyoto-u.ac.jp | - | High
+49 | [133.3.5.20](https://vuldb.com/?ip.133.3.5.20) | icrsun.kuicr.kyoto-u.ac.jp | - | High
+50 | [133.3.5.30](https://vuldb.com/?ip.133.3.5.30) | - | - | High
+51 | [133.3.5.33](https://vuldb.com/?ip.133.3.5.33) | sms.uji.kyoto-u.ac.jp | - | High
+52 | [133.26.135.224](https://vuldb.com/?ip.133.26.135.224) | - | - | High
+53 | [133.31.106.46](https://vuldb.com/?ip.133.31.106.46) | ci970000.ci.noda.sut.ac.jp | - | High
+54 | [133.41.145.11](https://vuldb.com/?ip.133.41.145.11) | 145-011.eduroam.hiroshima-u.ac.jp | - | High
+55 | ... | ... | ... | ...
 
-There are 24 more IOC items available. Please use our online service to access the data.
+There are 214 more IOC items available. Please use our online service to access the data.
 
 ## TTP - Tactics, Techniques, Procedures
 
@@ -48,7 +96,7 @@ ID | Technique | Weakness | Description | Confidence
 3 | T1059 | CWE-94 | Cross Site Scripting | High
 4 | ... | ... | ... | ...
 
-There are 9 more TTP items available. Please use our online service to access the data.
+There are 13 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -56,17 +104,23 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/data/wps.setup.json` | High
-2 | File | `/exec/` | Low
-3 | File | `/lists/index.php` | High
-4 | ... | ... | ...
+1 | File | `.htaccess` | Medium
+2 | File | `/.env` | Low
+3 | File | `/aux` | Low
+4 | File | `/cgi-bin/kerbynet` | High
+5 | File | `/cgi-bin/system_mgr.cgi` | High
+6 | File | `/cgi-bin/upload_vpntar` | High
+7 | File | `/edit-db.php` | Medium
+8 | File | `/EXCU_SHELL` | Medium
+9 | ... | ... | ...
 
-There are 19 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 66 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 
 The following list contains _external sources_ which discuss the actor and the associated activities:
 
+* https://github.com/blackorbird/APT_REPORT/blob/master/EquationGroup/The_Bvp47_a_top-tier_backdoor_of_us_nsa_equation_group.en.pdf
 * https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08064459/Equation_group_questions_and_answers.pdf
 * https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/20134940/kaspersky-lab-gauss.pdf
 

actors/Europe Unknown/README.md

@@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Europe Unknown:
 
 * [US](https://vuldb.com/?country.us)
+* [SH](https://vuldb.com/?country.sh)
 * [CN](https://vuldb.com/?country.cn)
-* [JP](https://vuldb.com/?country.jp)
 * ...
 
-There are 27 more country items available. Please use our online service to access the data.
+There are 24 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -24822,12 +24822,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
-2 | T1055 | CWE-74 | Injection | High
-3 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
-4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
 5 | ... | ... | ... | ...
 
-There are 17 more TTP items available. Please use our online service to access the data.
+There are 16 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -24835,49 +24835,78 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `$GIT_DIR/objects` | High
-2 | File | `/admin.php/accessory/filesdel.html` | High
-3 | File | `/admin.php/update/getFile.html` | High
-4 | File | `/admin/` | Low
-5 | File | `/admin/?page=user/manage` | High
-6 | File | `/admin/add-new.php` | High
-7 | File | `/admin/admin_manage/delete` | High
-8 | File | `/admin/doctors.php` | High
-9 | File | `/admin/edit-doc.php` | High
-10 | File | `/admin/index2.html` | High
-11 | File | `/admin/index3.php` | High
-12 | File | `/admin/patient.php` | High
-13 | File | `/admin/scripts/pi-hole/phpqueryads.php` | High
-14 | File | `/adms/admin/?page=user/manage_user` | High
-15 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
-16 | File | `/adms/admin/?page=vehicles/view_transaction` | High
-17 | File | `/adms/classes/Users.php` | High
-18 | File | `/APR/signup.php` | High
-19 | File | `/backup.pl` | Medium
-20 | File | `/bin/sh` | Low
-21 | File | `/boat/login.php` | High
-22 | File | `/cgi-bin/mainfunction.cgi` | High
-23 | File | `/cgi-bin/supervisor/adcommand.cgi` | High
-24 | File | `/cgi-bin/supervisor/CloudSetup.cgi` | High
-25 | File | `/cgi-bin/wlogin.cgi` | High
-26 | File | `/cmscp/ext/collect/fetch_url.do` | High
-27 | File | `/context/%2e/WEB-INF/web.xml` | High
-28 | File | `/controller/OnlinePreviewController.java` | High
-29 | File | `/data/config.ftp.php` | High
-30 | File | `/debug/pprof` | Medium
-31 | File | `/editor/index.php` | High
-32 | File | `/edoc/doctor/patient.php` | High
-33 | File | `/forms/doLogin` | High
-34 | File | `/forum/away.php` | High
-35 | File | `/IISADMPWD` | Medium
-36 | File | `/Moosikay/order.php` | High
-37 | File | `/mygym/admin/index.php?view_exercises` | High
-38 | File | `/out.php` | Medium
-39 | File | `/pet_shop/admin/orders/update_status.php` | High
-40 | File | `/php-fusion/infusions/shoutbox_panel/shoutbox_archive.php` | High
-41 | ... | ... | ...
+1 | File | `/+CSCOE+/logon.html` | High
+2 | File | `/?ajax-request=jnews` | High
+3 | File | `/admin/` | Low
+4 | File | `/admin/ajax.php` | High
+5 | File | `/admin/content/index` | High
+6 | File | `/admin/delete_user.php` | High
+7 | File | `/admin/index3.php` | High
+8 | File | `/admin/login.php` | High
+9 | File | `/admin/patient.php` | High
+10 | File | `/admin_system/api.php` | High
+11 | File | `/ad_js.php` | Medium
+12 | File | `/alphaware/summary.php` | High
+13 | File | `/alumni/admin/ajax.php?action=save_settings` | High
+14 | File | `/api/v1/attack/falco` | High
+15 | File | `/APR/login.php` | High
+16 | File | `/APR/signup.php` | High
+17 | File | `/aux` | Low
+18 | File | `/backup.pl` | Medium
+19 | File | `/categorypage.php` | High
+20 | File | `/cgi-bin/wapopen` | High
+21 | File | `/cha.php` | Medium
+22 | File | `/College/admin/teacher.php` | High
+23 | File | `/drivers/block/floppy.c` | High
+24 | File | `/edoc/doctor/patient.php` | High
+25 | File | `/etc/shadow` | Medium
+26 | File | `/etc/tomcat8/Catalina/attack` | High
+27 | File | `/file_manager/login.php` | High
+28 | File | `/forum/away.php` | High
+29 | File | `/fos/admin/ajax.php` | High
+30 | File | `/fos/admin/ajax.php?action=save_settings` | High
+31 | File | `/mims/login.php` | High
+32 | File | `/Moosikay/order.php` | High
+33 | File | `/ordering/admin/orders/loaddata.php` | High
+34 | File | `/ordering/admin/stockin/loaddata.php` | High
+35 | File | `/param.file.tgz` | High
+36 | File | `/philosophy/admin/login.php` | High
+37 | File | `/philosophy/admin/user/controller.php?action=add` | High
+38 | File | `/php-opos/login.php` | High
+39 | File | `/priv_mgt.html` | High
+40 | File | `/proxy` | Low
+41 | File | `/public/launchNewWindow.jsp` | High
+42 | File | `/reservation/add_message.php` | High
+43 | File | `/resources//../` | High
+44 | File | `/rest/project-templates/1.0/createshared` | High
+45 | File | `/reviewer_0/admins/assessments/pretest/questions-view.php` | High
+46 | File | `/spip.php` | Medium
+47 | File | `/textpattern/index.php` | High
+48 | File | `/tmp` | Low
+49 | File | `/upload` | Low
+50 | File | `/vendor/views/add_product.php` | High
+51 | File | `3G/UMTS` | Low
+52 | File | `account/signup.php` | High
+53 | File | `AcquisiAction.class.php` | High
+54 | File | `activenews_view.asp` | High
+55 | File | `ad-blocking-detector.php` | High
+56 | File | `ad.php` | Low
+57 | File | `addentry.php` | Medium
+58 | File | `addmem.php` | Medium
+59 | File | `admin-ajax.php` | High
+60 | File | `admin.php` | Medium
+61 | File | `admin/?page=admin` | High
+62 | File | `admin/?page=students/view_student` | High
+63 | File | `admin/?page=user/list` | High
+64 | File | `admin/ab.php` | Medium
+65 | File | `admin/adminlog.php` | High
+66 | File | `admin/admin_editor.php` | High
+67 | File | `admin/ajax.php?action=login2` | High
+68 | File | `admin/categories/manage_category.php` | High
+69 | File | `admin/clients/view_client.php` | High
+70 | ... | ... | ...
 
-There are 354 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 616 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/EvilProxy/README.md

@@ -49,65 +49,68 @@ ID | Type | Indicator | Confidence
 1 | File | `.github/workflows/combine-prs.yml` | High
 2 | File | `/Admin/add-student.php` | High
 3 | File | `/admin/api/admin/articles/` | High
-4 | File | `/admin/conferences/list/` | High
-5 | File | `/Admin/login.php` | High
-6 | File | `/admin/showbad.php` | High
-7 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
-8 | File | `/adms/admin/?page=vehicles/view_transaction` | High
-9 | File | `/apilog.php` | Medium
-10 | File | `/APR/login.php` | High
-11 | File | `/bin/httpd` | Medium
-12 | File | `/cgi-bin/wapopen` | High
-13 | File | `/cgi-bin/wlogin.cgi` | High
-14 | File | `/connectors/index.php` | High
-15 | File | `/dev/block/mmcblk0rpmb` | High
-16 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
-17 | File | `/face-recognition-php/facepay-master/camera.php` | High
-18 | File | `/forum/away.php` | High
-19 | File | `/fos/admin/ajax.php?action=login` | High
-20 | File | `/fos/admin/index.php?page=menu` | High
-21 | File | `/home/masterConsole` | High
-22 | File | `/home/sendBroadcast` | High
-23 | File | `/hrm/employeeadd.php` | High
-24 | File | `/hrm/employeeview.php` | High
-25 | File | `/index.php` | Medium
-26 | File | `/items/view_item.php` | High
-27 | File | `/jsoa/hntdCustomDesktopActionContent` | High
-28 | File | `/lookin/info` | Medium
-29 | File | `/manager/index.php` | High
-30 | File | `/medical/inventories.php` | High
-31 | File | `/modules/profile/index.php` | High
-32 | File | `/modules/projects/vw_files.php` | High
-33 | File | `/modules/public/calendar.php` | High
-34 | File | `/mygym/admin/index.php?view_exercises` | High
-35 | File | `/newsDia.php` | Medium
-36 | File | `/out.php` | Medium
-37 | File | `/php-opos/index.php` | High
-38 | File | `/proxy` | Low
-39 | File | `/public/launchNewWindow.jsp` | High
-40 | File | `/Redcock-Farm/farm/category.php` | High
-41 | File | `/reports/rwservlet` | High
-42 | File | `/sacco_shield/manage_user.php` | High
-43 | File | `/spip.php` | Medium
-44 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
-45 | File | `/staff/bookdetails.php` | High
-46 | File | `/uncpath/` | Medium
-47 | File | `/user/update_booking.php` | High
-48 | File | `/WEB-INF/web.xml` | High
-49 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
-50 | File | `/wireless/security.asp` | High
-51 | File | `/wordpress/wp-admin/options-general.php` | High
-52 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
-53 | File | `01article.php` | High
-54 | File | `AbstractScheduleJob.java` | High
-55 | File | `actionphp/download.File.php` | High
+4 | File | `/Admin/login.php` | High
+5 | File | `/admin/showbad.php` | High
+6 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
+7 | File | `/adms/admin/?page=vehicles/view_transaction` | High
+8 | File | `/apilog.php` | Medium
+9 | File | `/APR/login.php` | High
+10 | File | `/bin/httpd` | Medium
+11 | File | `/cgi-bin/wapopen` | High
+12 | File | `/cgi-bin/wlogin.cgi` | High
+13 | File | `/connectors/index.php` | High
+14 | File | `/dev/block/mmcblk0rpmb` | High
+15 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
+16 | File | `/face-recognition-php/facepay-master/camera.php` | High
+17 | File | `/forum/away.php` | High
+18 | File | `/fos/admin/ajax.php?action=login` | High
+19 | File | `/fos/admin/index.php?page=menu` | High
+20 | File | `/home/masterConsole` | High
+21 | File | `/home/sendBroadcast` | High
+22 | File | `/hrm/employeeadd.php` | High
+23 | File | `/hrm/employeeview.php` | High
+24 | File | `/index.php` | Medium
+25 | File | `/items/view_item.php` | High
+26 | File | `/jsoa/hntdCustomDesktopActionContent` | High
+27 | File | `/lookin/info` | Medium
+28 | File | `/manager/index.php` | High
+29 | File | `/medical/inventories.php` | High
+30 | File | `/modules/profile/index.php` | High
+31 | File | `/modules/projects/vw_files.php` | High
+32 | File | `/modules/public/calendar.php` | High
+33 | File | `/mygym/admin/index.php?view_exercises` | High
+34 | File | `/newsDia.php` | Medium
+35 | File | `/out.php` | Medium
+36 | File | `/php-opos/index.php` | High
+37 | File | `/proxy` | Low
+38 | File | `/public/launchNewWindow.jsp` | High
+39 | File | `/Redcock-Farm/farm/category.php` | High
+40 | File | `/reports/rwservlet` | High
+41 | File | `/sacco_shield/manage_user.php` | High
+42 | File | `/spip.php` | Medium
+43 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
+44 | File | `/staff/bookdetails.php` | High
+45 | File | `/uncpath/` | Medium
+46 | File | `/user/update_booking.php` | High
+47 | File | `/WEB-INF/web.xml` | High
+48 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
+49 | File | `/wireless/security.asp` | High
+50 | File | `/wordpress/wp-admin/options-general.php` | High
+51 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
+52 | File | `01article.php` | High
+53 | File | `AbstractScheduleJob.java` | High
+54 | File | `actionphp/download.File.php` | High
+55 | File | `activenews_view.asp` | High
 56 | File | `adclick.php` | Medium
 57 | File | `addtocart.asp` | High
 58 | File | `admin.php` | Medium
 59 | File | `admin/abc.php` | High
-60 | ... | ... | ...
+60 | File | `admin/admin.php?action=users&mode=info&user=2` | High
+61 | File | `admin/admin/adminsave.html` | High
+62 | File | `admin/conf_users_edit.php` | High
+63 | ... | ... | ...
 
-There are 529 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 552 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/FIN7/README.md

@@ -24,7 +24,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [RU](https://vuldb.com/?country.ru)
 * ...
 
-There are 24 more country items available. Please use our online service to access the data.
+There are 22 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -97,7 +97,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-28 | Pathname Traversal | High
-2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
+2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
 4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
@@ -137,23 +137,23 @@ ID | Type | Indicator | Confidence
 24 | File | `/forum/away.php` | High
 25 | File | `/fos/admin/ajax.php?action=login` | High
 26 | File | `/fos/admin/index.php?page=menu` | High
-27 | File | `/goform/wizard_end` | High
-28 | File | `/home/masterConsole` | High
-29 | File | `/home/sendBroadcast` | High
-30 | File | `/hrm/employeeadd.php` | High
-31 | File | `/hrm/employeeview.php` | High
-32 | File | `/jsoa/hntdCustomDesktopActionContent` | High
-33 | File | `/lookin/info` | Medium
-34 | File | `/medicines/profile.php` | High
-35 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
-36 | File | `/mygym/admin/index.php?view_exercises` | High
-37 | File | `/out.php` | Medium
-38 | File | `/php-opos/index.php` | High
-39 | File | `/proxy` | Low
-40 | File | `/Redcock-Farm/farm/category.php` | High
-41 | File | `/reports/rwservlet` | High
-42 | File | `/reservation/add_message.php` | High
-43 | File | `/secure/QueryComponent!Default.jspa` | High
+27 | File | `/home/masterConsole` | High
+28 | File | `/home/sendBroadcast` | High
+29 | File | `/hrm/employeeadd.php` | High
+30 | File | `/hrm/employeeview.php` | High
+31 | File | `/jsoa/hntdCustomDesktopActionContent` | High
+32 | File | `/lookin/info` | Medium
+33 | File | `/medicines/profile.php` | High
+34 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
+35 | File | `/mygym/admin/index.php?view_exercises` | High
+36 | File | `/php-opos/index.php` | High
+37 | File | `/proxy` | Low
+38 | File | `/public/launchNewWindow.jsp` | High
+39 | File | `/Redcock-Farm/farm/category.php` | High
+40 | File | `/reports/rwservlet` | High
+41 | File | `/reservation/add_message.php` | High
+42 | File | `/secure/QueryComponent!Default.jspa` | High
+43 | File | `/Session` | Medium
 44 | File | `/spip.php` | Medium
 45 | File | `/tmp` | Low
 46 | File | `/uncpath/` | Medium
@@ -161,9 +161,11 @@ ID | Type | Indicator | Confidence
 48 | File | `/video-sharing-script/watch-video.php` | High
 49 | File | `/wireless/security.asp` | High
 50 | File | `/xxl-job-admin/jobinfo` | High
-51 | ... | ... | ...
+51 | File | `01article.php` | High
+52 | File | `AbstractScheduleJob.java` | High
+53 | ... | ... | ...
 
-There are 445 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 461 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/FortiOS/README.md

@@ -63,7 +63,7 @@ ID | Type | Indicator | Confidence
 13 | File | `/secure/QueryComponent!Default.jspa` | High
 14 | ... | ... | ...
 
-There are 109 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 110 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/FritzFrog/README.md

@@ -335,9 +335,10 @@ ID | Technique | Weakness | Description | Confidence
 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
 4 | T1059 | CWE-94 | Cross Site Scripting | High
-5 | ... | ... | ... | ...
+5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+6 | ... | ... | ... | ...
 
-There are 17 more TTP items available. Please use our online service to access the data.
+There are 18 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -350,39 +351,46 @@ ID | Type | Indicator | Confidence
 3 | File | `/admin/index2.html` | High
 4 | File | `/admin/patient.php` | High
 5 | File | `/admin/scripts/pi-hole/phpqueryads.php` | High
-6 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
-7 | File | `/adms/admin/?page=vehicles/view_transaction` | High
-8 | File | `/APR/login.php` | High
-9 | File | `/APR/signup.php` | High
-10 | File | `/as/authorization.oauth2` | High
-11 | File | `/bin/sh` | Low
-12 | File | `/boat/login.php` | High
-13 | File | `/bsms_ci/index.php/user/edit_user/` | High
-14 | File | `/cgi-bin/luci/api/auth` | High
-15 | File | `/cgi-bin/wapopen` | High
-16 | File | `/cgi-bin/wlogin.cgi` | High
-17 | File | `/cimom` | Low
-18 | File | `/context/%2e/WEB-INF/web.xml` | High
-19 | File | `/controller/OnlinePreviewController.java` | High
-20 | File | `/debug/pprof` | Medium
-21 | File | `/DXR.axd` | Medium
-22 | File | `/ecshop/admin/template.php` | High
-23 | File | `/etc/openstack-dashboard/local_settings` | High
-24 | File | `/etc/sudoers` | Medium
-25 | File | `/filemanager/php/connector.php` | High
-26 | File | `/forum/away.php` | High
-27 | File | `/forum/PostPrivateMessage` | High
-28 | File | `/home/www/cgi-bin/login.cgi` | High
-29 | File | `/IISADMPWD` | Medium
-30 | File | `/Moosikay/order.php` | High
-31 | File | `/mygym/admin/index.php?view_exercises` | High
-32 | File | `/net-banking/customer_transactions.php` | High
-33 | File | `/out.php` | Medium
-34 | File | `/pet_shop/admin/orders/update_status.php` | High
-35 | File | `/php-opos/index.php` | High
-36 | ... | ... | ...
+6 | File | `/APR/login.php` | High
+7 | File | `/APR/signup.php` | High
+8 | File | `/as/authorization.oauth2` | High
+9 | File | `/boat/login.php` | High
+10 | File | `/bsms_ci/index.php/user/edit_user/` | High
+11 | File | `/cgi-bin/luci/api/auth` | High
+12 | File | `/cgi-bin/supervisor/PwdGrp.cgi` | High
+13 | File | `/cgi-bin/wapopen` | High
+14 | File | `/cimom` | Low
+15 | File | `/context/%2e/WEB-INF/web.xml` | High
+16 | File | `/controller/OnlinePreviewController.java` | High
+17 | File | `/DXR.axd` | Medium
+18 | File | `/ecshop/admin/template.php` | High
+19 | File | `/etc/openstack-dashboard/local_settings` | High
+20 | File | `/etc/sudoers` | Medium
+21 | File | `/filemanager/php/connector.php` | High
+22 | File | `/forum/away.php` | High
+23 | File | `/forum/PostPrivateMessage` | High
+24 | File | `/goform/addressNat` | High
+25 | File | `/home/www/cgi-bin/login.cgi` | High
+26 | File | `/IISADMPWD` | Medium
+27 | File | `/modules/projects/vw_files.php` | High
+28 | File | `/Moosikay/order.php` | High
+29 | File | `/mygym/admin/index.php?view_exercises` | High
+30 | File | `/net-banking/customer_transactions.php` | High
+31 | File | `/out.php` | Medium
+32 | File | `/pet_shop/admin/orders/update_status.php` | High
+33 | File | `/php-opos/index.php` | High
+34 | File | `/public/launchNewWindow.jsp` | High
+35 | File | `/reviewer_0/admins/assessments/pretest/questions-view.php` | High
+36 | File | `/rukovoditel/index.php?module=users/login` | High
+37 | File | `/secure/QueryComponent!Default.jspa` | High
+38 | File | `/tourism/rate_review.php` | High
+39 | File | `/uncpath/` | Medium
+40 | File | `/upload` | Low
+41 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
+42 | File | `/wp-admin/admin-ajax.php` | High
+43 | ... | ... | ...
 
-There are 308 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 372 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/FunnySwitch/README.md

@@ -60,7 +60,7 @@ ID | Type | Indicator | Confidence
 11 | File | `archiver\index.php` | High
 12 | ... | ... | ...
 
-There are 91 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 92 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Gh0stRAT/README.md

@@ -103,7 +103,8 @@ ID | Technique | Weakness | Description | Confidence
 2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
 4 | T1059 | CWE-94 | Cross Site Scripting | High
-5 | ... | ... | ... | ...
+5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+6 | ... | ... | ... | ...
 
 There are 18 more TTP items available. Please use our online service to access the data.
 
@@ -115,51 +116,46 @@ ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/+CSCOE+/logon.html` | High
 2 | File | `/admin/upload/upload` | High
-3 | File | `/apply_noauth.cgi` | High
-4 | File | `/bin/sh` | Low
-5 | File | `/cgi-bin/wlogin.cgi` | High
-6 | File | `/context/%2e/WEB-INF/web.xml` | High
-7 | File | `/ctcprotocol/Protocol` | High
-8 | File | `/debug/pprof` | Medium
-9 | File | `/ebics-server/ebics.aspx` | High
-10 | File | `/ecshop/admin/template.php` | High
-11 | File | `/etc/openstack-dashboard/local_settings` | High
-12 | File | `/forum/away.php` | High
-13 | File | `/forum/PostPrivateMessage` | High
-14 | File | `/HNAP1/SetClientInfo` | High
-15 | File | `/home/www/cgi-bin/login.cgi` | High
-16 | File | `/menu.html` | Medium
-17 | File | `/modules/snf/index.php` | High
-18 | File | `/net-banking/customer_transactions.php` | High
-19 | File | `/obs/book.php` | High
-20 | File | `/orrs/admin/?page=user/manage_user` | High
-21 | File | `/ossn/administrator/com_installer` | High
-22 | File | `/pms/update_user.php?user_id=1` | High
-23 | File | `/resources//../` | High
-24 | File | `/secure/QueryComponent!Default.jspa` | High
-25 | File | `/subtitles.php` | High
-26 | File | `/sys/dict/queryTableData` | High
-27 | File | `/user/upload/upload` | High
-28 | File | `/vendor` | Low
-29 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
-30 | File | `accountrecoveryendpoint/recoverpassword.do` | High
-31 | File | `adclick.php` | Medium
-32 | File | `add_contestant.php` | High
-33 | File | `add_postit.php` | High
-34 | File | `admin.php` | Medium
-35 | File | `admin/index.php` | High
-36 | File | `admin/make_payments.php` | High
-37 | File | `admin/shophelp.php` | High
-38 | File | `admin/TemplateController.java` | High
-39 | File | `administration.jsp` | High
-40 | File | `adminquery.php` | High
-41 | File | `ansfaq.asp` | Medium
-42 | File | `ApiController.class.php` | High
-43 | File | `APKINDEX.tar.gz` | High
-44 | File | `app/parameters/sipity/parameters/search_criteria_for_works_parameter.rb` | High
-45 | ... | ... | ...
+3 | File | `/api/admin/system/store/order/list` | High
+4 | File | `/apply_noauth.cgi` | High
+5 | File | `/bin/sh` | Low
+6 | File | `/cgi-bin/wlogin.cgi` | High
+7 | File | `/common/sysFile/list` | High
+8 | File | `/context/%2e/WEB-INF/web.xml` | High
+9 | File | `/ctcprotocol/Protocol` | High
+10 | File | `/debug/pprof` | Medium
+11 | File | `/ebics-server/ebics.aspx` | High
+12 | File | `/ecshop/admin/template.php` | High
+13 | File | `/etc/openstack-dashboard/local_settings` | High
+14 | File | `/forum/away.php` | High
+15 | File | `/forum/PostPrivateMessage` | High
+16 | File | `/goform/addressNat` | High
+17 | File | `/HNAP1/SetClientInfo` | High
+18 | File | `/home/www/cgi-bin/login.cgi` | High
+19 | File | `/menu.html` | Medium
+20 | File | `/net-banking/customer_transactions.php` | High
+21 | File | `/obs/book.php` | High
+22 | File | `/orrs/admin/?page=user/manage_user` | High
+23 | File | `/ossn/administrator/com_installer` | High
+24 | File | `/pms/update_user.php?user_id=1` | High
+25 | File | `/resources//../` | High
+26 | File | `/secure/QueryComponent!Default.jspa` | High
+27 | File | `/squashfs-root/www/HNAP1/control/SetMasterWLanSettings.php` | High
+28 | File | `/subtitles.php` | High
+29 | File | `/sys/dict/queryTableData` | High
+30 | File | `/user/upload/upload` | High
+31 | File | `/vendor` | Low
+32 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
+33 | File | `accountrecoveryendpoint/recoverpassword.do` | High
+34 | File | `Acl.asp` | Low
+35 | File | `adclick.php` | Medium
+36 | File | `add_contestant.php` | High
+37 | File | `add_postit.php` | High
+38 | File | `admin.php` | Medium
+39 | File | `admin/index.php` | High
+40 | ... | ... | ...
 
-There are 386 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 345 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Grizzly Steppe/README.md

@@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [CN](https://vuldb.com/?country.cn)
 * ...
 
-There are 16 more country items available. Please use our online service to access the data.
+There are 9 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -155,14 +155,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-28, CWE-35 | Pathname Traversal | High
-2 | T1055 | CWE-74 | Injection | High
-3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
-4 | T1059.007 | CWE-79, CWE-80, CWE-85 | Cross Site Scripting | High
-5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
+1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-35 | Pathname Traversal | High
+2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
+5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 6 | ... | ... | ... | ...
 
-There are 22 more TTP items available. Please use our online service to access the data.
+There are 20 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -170,49 +170,54 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/addNotifyServlet` | High
-2 | File | `/admin/api/theme-edit/` | High
-3 | File | `/admin/conferences/get-all-status/` | High
-4 | File | `/adminui/history_log.php` | High
-5 | File | `/attachments` | Medium
-6 | File | `/bsms_ci/index.php/book` | High
-7 | File | `/classes/Master.php?f=delete_helmet` | High
-8 | File | `/cms/category/list` | High
-9 | File | `/common/run_cross_report.php` | High
-10 | File | `/debug/pprof` | Medium
-11 | File | `/Default/Bd` | Medium
-12 | File | `/download` | Medium
-13 | File | `/etc/hosts` | Medium
-14 | File | `/etc/passwd` | Medium
-15 | File | `/face-recognition-php/facepay-master/camera.php` | High
-16 | File | `/goform/SysToolChangePwd` | High
-17 | File | `/goform/WifiBasicSet` | High
-18 | File | `/hardware` | Medium
-19 | File | `/hrm/employeeview.php` | High
-20 | File | `/hss/?page=view_product` | High
-21 | File | `/index.php?module=configuration/application` | High
+1 | File | `/admin.php/accessory/filesdel.html` | High
+2 | File | `/admin/?page=user/manage` | High
+3 | File | `/admin/add-new.php` | High
+4 | File | `/admin/api/theme-edit/` | High
+5 | File | `/admin/conferences/get-all-status/` | High
+6 | File | `/admin/doctors.php` | High
+7 | File | `/admin/index3.php` | High
+8 | File | `/adminui/history_log.php` | High
+9 | File | `/adms/admin/?page=vehicles/view_transaction` | High
+10 | File | `/alphaware/summary.php` | High
+11 | File | `/boat/login.php` | High
+12 | File | `/bsms_ci/index.php/book` | High
+13 | File | `/check` | Low
+14 | File | `/classes/Master.php?f=delete_helmet` | High
+15 | File | `/common/run_cross_report.php` | High
+16 | File | `/CPE` | Low
+17 | File | `/debug/pprof` | Medium
+18 | File | `/download` | Medium
+19 | File | `/forum/away.php` | High
+20 | File | `/goform/SysToolChangePwd` | High
+21 | File | `/goform/WifiBasicSet` | High
 22 | File | `/index/user/user_edit.html` | High
-23 | File | `/lib` | Low
-24 | File | `/login` | Low
-25 | File | `/login/index.php` | High
-26 | File | `/pages/faculty_sched.php` | High
-27 | File | `/product/savenewproduct.php?flag=1` | High
-28 | File | `/proxy` | Low
-29 | File | `/tmp` | Low
-30 | File | `/tmp/app/.env` | High
-31 | File | `/user/loader.php?api=1` | High
-32 | File | `/v1/sql-runner` | High
-33 | File | `/var/tmp/audacity-$USER` | High
-34 | File | `/wp-json/wc/v3/webhooks` | High
-35 | File | `account_change.php` | High
-36 | File | `actions/UploadAction.php` | High
-37 | File | `ActivityRecord.java` | High
-38 | File | `admin.php` | Medium
-39 | File | `admin/manage_user.php` | High
-40 | File | `admin/page-login.php` | High
-41 | ... | ... | ...
+23 | File | `/login/index.php` | High
+24 | File | `/medicines/profile.php` | High
+25 | File | `/MIME/INBOX-MM-1/` | High
+26 | File | `/Moosikay/order.php` | High
+27 | File | `/param.file.tgz` | High
+28 | File | `/php-inventory-management-system/product.php` | High
+29 | File | `/public/plugins/` | High
+30 | File | `/public_html/users.php` | High
+31 | File | `/reservation/add_message.php` | High
+32 | File | `/spip.php` | Medium
+33 | File | `/system/UserMapper.xml` | High
+34 | File | `/tmp` | Low
+35 | File | `/user/loader.php?api=1` | High
+36 | File | `/user/s.php` | Medium
+37 | File | `/v1/sql-runner` | High
+38 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
+39 | File | `/video-sharing-script/watch-video.php` | High
+40 | File | `/web/index.php` | High
+41 | File | `/wireless/guestnetwork.asp` | High
+42 | File | `AcquisiAction.class.php` | High
+43 | File | `actions/UploadAction.php` | High
+44 | File | `ActivityManagerService.java` | High
+45 | File | `adclick.php` | Medium
+46 | ... | ... | ...
 
-There are 353 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 394 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Holy See Unknown/README.md

@@ -0,0 +1,60 @@
+# Holy See Unknown - Cyber Threat Intelligence
+
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Holy See Unknown](https://vuldb.com/?actor.holy_see_unknown). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
+
+_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.holy_see_unknown](https://vuldb.com/?actor.holy_see_unknown)
+
+## Countries
+
+These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Holy See Unknown:
+
+* [IT](https://vuldb.com/?country.it)
+* [DE](https://vuldb.com/?country.de)
+
+## IOC - Indicator of Compromise
+
+These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Holy See Unknown.
+
+ID | IP address | Hostname | Campaign | Confidence
+-- | ---------- | -------- | -------- | ----------
+1 | [57.79.216.0](https://vuldb.com/?ip.57.79.216.0) | - | - | High
+2 | [81.208.94.0](https://vuldb.com/?ip.81.208.94.0) | - | - | High
+3 | [185.17.220.0](https://vuldb.com/?ip.185.17.220.0) | - | - | High
+4 | ... | ... | ... | ...
+
+There are 8 more IOC items available. Please use our online service to access the data.
+
+## TTP - Tactics, Techniques, Procedures
+
+_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Holy See Unknown_. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Technique | Weakness | Description | Confidence
+-- | --------- | -------- | ----------- | ----------
+1 | T1006 | CWE-22 | Pathname Traversal | High
+2 | T1068 | CWE-264, CWE-269 | Execution with Unnecessary Privileges | High
+
+## IOA - Indicator of Attack
+
+These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Holy See Unknown. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Type | Indicator | Confidence
+-- | ---- | --------- | ----------
+1 | File | `login.cgi` | Medium
+2 | Network Port | `Web Server Port` | High
+
+## References
+
+The following list contains _external sources_ which discuss the actor and the associated activities:
+
+* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_va.netset
+
+## Literature
+
+The following _articles_ explain our unique predictive cyber threat intelligence:
+
+* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
+* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
+
+## License
+
+(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

actors/Indexsinas/README.md

@@ -287,13 +287,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-425 | Pathname Traversal | High
+1 | T1006 | CWE-22, CWE-23, CWE-425 | Pathname Traversal | High
 2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
-4 | T1059 | CWE-94 | Cross Site Scripting | High
-5 | ... | ... | ... | ...
+4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
+5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+6 | ... | ... | ... | ...
 
-There are 16 more TTP items available. Please use our online service to access the data.
+There are 18 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -303,32 +304,39 @@ ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/.env` | Low
 2 | File | `//` | Low
-3 | File | `/api/admin/system/store/order/list` | High
-4 | File | `/api/blade-log/api/list` | High
-5 | File | `/api/jmeter/download/files` | High
-6 | File | `/api/v2/cli/commands` | High
-7 | File | `/APR/login.php` | High
-8 | File | `/as/authorization.oauth2` | High
-9 | File | `/bsms_ci/index.php` | High
-10 | File | `/bsms_ci/index.php/user/edit_user/` | High
-11 | File | `/cgi-bin/luci/api/auth` | High
-12 | File | `/cgi-bin/system_mgr.cgi` | High
-13 | File | `/cgi-bin/wlogin.cgi` | High
-14 | File | `/DXR.axd` | Medium
-15 | File | `/ecshop/admin/template.php` | High
-16 | File | `/filemanager/php/connector.php` | High
-17 | File | `/files/import` | High
-18 | File | `/forum/away.php` | High
-19 | File | `/forum/PostPrivateMessage` | High
-20 | File | `/home/www/cgi-bin/login.cgi` | High
-21 | File | `/hrm/employeeview.php` | High
-22 | File | `/Moosikay/order.php` | High
-23 | File | `/net-banking/customer_transactions.php` | High
-24 | File | `/net-banking/send_funds.php` | High
-25 | File | `/out.php` | Medium
-26 | ... | ... | ...
+3 | File | `/admin/patient.php` | High
+4 | File | `/api/admin/system/store/order/list` | High
+5 | File | `/api/blade-log/api/list` | High
+6 | File | `/api/jmeter/download/files` | High
+7 | File | `/api/v2/cli/commands` | High
+8 | File | `/APR/login.php` | High
+9 | File | `/as/authorization.oauth2` | High
+10 | File | `/bsms_ci/index.php` | High
+11 | File | `/bsms_ci/index.php/user/edit_user/` | High
+12 | File | `/cgi-bin/luci/api/auth` | High
+13 | File | `/cgi-bin/system_mgr.cgi` | High
+14 | File | `/cgi-bin/wlogin.cgi` | High
+15 | File | `/DXR.axd` | Medium
+16 | File | `/ecshop/admin/template.php` | High
+17 | File | `/filemanager/php/connector.php` | High
+18 | File | `/files/import` | High
+19 | File | `/forum/away.php` | High
+20 | File | `/forum/PostPrivateMessage` | High
+21 | File | `/home/www/cgi-bin/login.cgi` | High
+22 | File | `/hrm/employeeview.php` | High
+23 | File | `/librarian/bookdetails.php` | High
+24 | File | `/modules/projects/vw_files.php` | High
+25 | File | `/Moosikay/order.php` | High
+26 | File | `/net-banking/customer_transactions.php` | High
+27 | File | `/out.php` | Medium
+28 | File | `/reservation/add_message.php` | High
+29 | File | `/rukovoditel/index.php?module=users/login` | High
+30 | File | `/tmp/boa-temp` | High
+31 | File | `/usr/sbin/suexec` | High
+32 | File | `/wp-admin/admin-ajax.php` | High
+33 | ... | ... | ...
 
-There are 216 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 285 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/KHRAT/README.md

@@ -40,7 +40,7 @@ ID | Technique | Weakness | Description | Confidence
 3 | T1059 | CWE-94 | Cross Site Scripting | High
 4 | ... | ... | ... | ...
 
-There are 13 more TTP items available. Please use our online service to access the data.
+There are 14 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -52,15 +52,15 @@ ID | Type | Indicator | Confidence
 2 | File | `/mgmt/tm/util/bash` | High
 3 | File | `/mifs/c/i/reg/reg.html` | High
 4 | File | `/secure/ViewCollectors` | High
-5 | File | `/xAdmin/html/cm_doclist_view_uc.jsp` | High
-6 | File | `adclick.php` | Medium
-7 | File | `add_comment.php` | High
-8 | File | `cgi-bin/awstats.pl` | High
-9 | File | `checkout.cfm` | Medium
-10 | File | `Config/SaveUploadedHotspotLogoFile` | High
+5 | File | `/Session` | Medium
+6 | File | `/xAdmin/html/cm_doclist_view_uc.jsp` | High
+7 | File | `adclick.php` | Medium
+8 | File | `add_comment.php` | High
+9 | File | `cgi-bin/awstats.pl` | High
+10 | File | `checkout.cfm` | Medium
 11 | ... | ... | ...
 
-There are 81 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 83 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Kimsuky/README.md

@@ -52,7 +52,7 @@ ID | Technique | Weakness | Description | Confidence
 4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 5 | ... | ... | ... | ...
 
-There are 17 more TTP items available. Please use our online service to access the data.
+There are 18 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -85,7 +85,8 @@ ID | Type | Indicator | Confidence
 23 | File | `/tlogin.cgi` | Medium
 24 | File | `/tmp/scfgdndf` | High
 25 | File | `/uncpath/` | Medium
-26 | ... | ... | ...
+26 | File | `/upload` | Low
+27 | ... | ... | ...
 
 There are 223 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 

actors/Kinsing/README.md

@@ -19,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [LA](https://vuldb.com/?country.la)
 * ...
 
-There are 18 more country items available. Please use our online service to access the data.
+There are 19 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -68,65 +68,68 @@ ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/admin/contenttemp` | High
 2 | File | `/admin/dl_sendmail.php` | High
-3 | File | `/api/files/` | Medium
-4 | File | `/api/trackedEntityInstances` | High
-5 | File | `/api/v2/cli/commands` | High
-6 | File | `/app/Http/Controllers/Admin/NEditorController.php` | High
-7 | File | `/cgi-bin/wlogin.cgi` | High
-8 | File | `/de/cgi/dfs_guest/` | High
-9 | File | `/filemanager/upload.php` | High
-10 | File | `/GponForm/fsetup_Form` | High
-11 | File | `/include/makecvs.php` | High
-12 | File | `/includes/event-management/index.php` | High
-13 | File | `/index.php` | Medium
-14 | File | `/lab.html` | Medium
-15 | File | `/Main_AdmStatus_Content.asp` | High
-16 | File | `/member/picture/album` | High
-17 | File | `/mgmt/tm/util/bash` | High
-18 | File | `/mifs/c/i/reg/reg.html` | High
-19 | File | `/modules/profile/index.php` | High
-20 | File | `/out.php` | Medium
-21 | File | `/products/details.asp` | High
-22 | File | `/requests.php` | High
-23 | File | `/secure/QueryComponent!Default.jspa` | High
-24 | File | `/secure/ViewCollectors` | High
-25 | File | `/services/details.asp` | High
-26 | File | `/spip.php` | Medium
-27 | File | `/SysInfo.htm` | Medium
-28 | File | `/uncpath/` | Medium
-29 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
-30 | File | `/usr/syno/etc/mount.conf` | High
-31 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
-32 | File | `/vendor` | Low
-33 | File | `/wp-admin/admin.php?page=wp_file_manager_properties` | High
-34 | File | `/wp/?cpmvc_id=1&cpmvc_do_action=mvparse&f=datafeed&calid=1&month_index=1&method=adddetails&id=2` | High
-35 | File | `/xAdmin/html/cm_doclist_view_uc.jsp` | High
-36 | File | `a-b-membres.php` | High
-37 | File | `actions.php` | Medium
-38 | File | `adclick.php` | Medium
-39 | File | `add.php` | Low
-40 | File | `addtocart.asp` | High
-41 | File | `add_2_basket.asp` | High
-42 | File | `add_comment.php` | High
-43 | File | `admin.jcomments.php` | High
-44 | File | `admin.php` | Medium
-45 | File | `admin.php/comments/batchdel/` | High
-46 | File | `admin/aboutus.php` | High
-47 | File | `admin/adm/test.php` | High
-48 | File | `admin/bitrix.mpbuilder_step2.php` | High
-49 | File | `admin/conf_users_edit.php` | High
-50 | File | `admin/media.php` | High
-51 | File | `admin/vqmods.app/vqmods.inc.php` | High
-52 | File | `adminer.php` | Medium
-53 | File | `administrator/components/com_media/helpers/media.php` | High
-54 | File | `admin\controller\uploadfile.php` | High
-55 | File | `agora.cgi` | Medium
-56 | File | `album_portal.php` | High
-57 | File | `al_initialize.php` | High
-58 | File | `application/modules/admin/views/ecommerce/products.php` | High
-59 | ... | ... | ...
+3 | File | `/admin/store.php` | High
+4 | File | `/api/files/` | Medium
+5 | File | `/api/trackedEntityInstances` | High
+6 | File | `/api/user/password/sent-reset-email` | High
+7 | File | `/api/v2/cli/commands` | High
+8 | File | `/app/Http/Controllers/Admin/NEditorController.php` | High
+9 | File | `/cgi-bin/wlogin.cgi` | High
+10 | File | `/de/cgi/dfs_guest/` | High
+11 | File | `/filemanager/upload.php` | High
+12 | File | `/forum/away.php` | High
+13 | File | `/GponForm/fsetup_Form` | High
+14 | File | `/include/makecvs.php` | High
+15 | File | `/includes/event-management/index.php` | High
+16 | File | `/index.php` | Medium
+17 | File | `/lab.html` | Medium
+18 | File | `/Main_AdmStatus_Content.asp` | High
+19 | File | `/member/picture/album` | High
+20 | File | `/mgmt/tm/util/bash` | High
+21 | File | `/mifs/c/i/reg/reg.html` | High
+22 | File | `/modules/profile/index.php` | High
+23 | File | `/out.php` | Medium
+24 | File | `/plugins/servlet/gadgets/makeRequest` | High
+25 | File | `/products/details.asp` | High
+26 | File | `/public/plugins/` | High
+27 | File | `/requests.php` | High
+28 | File | `/secure/QueryComponent!Default.jspa` | High
+29 | File | `/secure/ViewCollectors` | High
+30 | File | `/services/details.asp` | High
+31 | File | `/Session` | Medium
+32 | File | `/spip.php` | Medium
+33 | File | `/SysInfo.htm` | Medium
+34 | File | `/uncpath/` | Medium
+35 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
+36 | File | `/usr/syno/etc/mount.conf` | High
+37 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
+38 | File | `/vendor` | Low
+39 | File | `/wp-admin/admin.php?page=wp_file_manager_properties` | High
+40 | File | `/wp/?cpmvc_id=1&cpmvc_do_action=mvparse&f=datafeed&calid=1&month_index=1&method=adddetails&id=2` | High
+41 | File | `/xAdmin/html/cm_doclist_view_uc.jsp` | High
+42 | File | `a-b-membres.php` | High
+43 | File | `actions.php` | Medium
+44 | File | `adclick.php` | Medium
+45 | File | `add.php` | Low
+46 | File | `addtocart.asp` | High
+47 | File | `add_2_basket.asp` | High
+48 | File | `add_comment.php` | High
+49 | File | `admin.jcomments.php` | High
+50 | File | `admin.php` | Medium
+51 | File | `admin.php/comments/batchdel/` | High
+52 | File | `admin/aboutus.php` | High
+53 | File | `admin/adm/test.php` | High
+54 | File | `admin/article_save.php` | High
+55 | File | `admin/bitrix.mpbuilder_step2.php` | High
+56 | File | `admin/conf_users_edit.php` | High
+57 | File | `admin/media.php` | High
+58 | File | `admin/vqmods.app/vqmods.inc.php` | High
+59 | File | `adminer.php` | Medium
+60 | File | `administrator/components/com_media/helpers/media.php` | High
+61 | File | `admin\controller\uploadfile.php` | High
+62 | ... | ... | ...
 
-There are 517 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 543 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Lapsus/README.md

@@ -60,7 +60,7 @@ ID | Type | Indicator | Confidence
 14 | File | `admin/area.php` | High
 15 | ... | ... | ...
 
-There are 121 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 122 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Lazarus/README.md

@@ -26,7 +26,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [US](https://vuldb.com/?country.us)
 * ...
 
-There are 13 more country items available. Please use our online service to access the data.
+There are 10 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -274,7 +274,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-37, CWE-425 | Pathname Traversal | High
+1 | T1006 | CWE-21, CWE-22, CWE-37, CWE-425 | Pathname Traversal | High
 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
 4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
@@ -292,36 +292,36 @@ ID | Type | Indicator | Confidence
 2 | File | `/Admin/add-student.php` | High
 3 | File | `/advanced-tools/nova/bin/netwatch` | High
 4 | File | `/api/jmeter/download/files` | High
-5 | File | `/api/v1/attack/falco` | High
-6 | File | `/APR/login.php` | High
-7 | File | `/aya/module/admin/fst_down.inc.php` | High
-8 | File | `/boat/login.php` | High
-9 | File | `/bsms_ci/index.php/user/edit_user/` | High
-10 | File | `/cgi-bin/R14.2/easy1350.pl` | High
-11 | File | `/cgi-bin/R14.2/log.pl` | High
+5 | File | `/api/upload` | Medium
+6 | File | `/api/v1/attack/falco` | High
+7 | File | `/APR/login.php` | High
+8 | File | `/aya/module/admin/fst_down.inc.php` | High
+9 | File | `/boat/login.php` | High
+10 | File | `/bsms_ci/index.php/user/edit_user/` | High
+11 | File | `/cgi-bin/wlogin.cgi` | High
 12 | File | `/DXR.axd` | Medium
 13 | File | `/ebics-server/ebics.aspx` | High
-14 | File | `/etc/tomcat8/Catalina/attack` | High
-15 | File | `/files/import` | High
-16 | File | `/forum/away.php` | High
-17 | File | `/HNAP1/SetClientInfo` | High
-18 | File | `/ims/login.php` | High
+14 | File | `/files/import` | High
+15 | File | `/forum/away.php` | High
+16 | File | `/HNAP1/SetClientInfo` | High
+17 | File | `/ims/login.php` | High
+18 | File | `/j_security_check` | High
 19 | File | `/librarian/bookdetails.php` | High
-20 | File | `/login/index.php` | High
-21 | File | `/mhds/clinic/view_details.php` | High
-22 | File | `/Moosikay/order.php` | High
-23 | File | `/nova/bin/detnet` | High
-24 | File | `/out.php` | Medium
-25 | File | `/php-opos/index.php` | High
-26 | File | `/resources//../` | High
-27 | File | `/reviewer_0/admins/assessments/pretest/questions-view.php` | High
-28 | File | `/sys/dict/queryTableData` | High
-29 | File | `/tmp/boa-temp` | High
-30 | File | `/tourism/rate_review.php` | High
-31 | File | `/uncpath/` | Medium
+20 | File | `/Moosikay/order.php` | High
+21 | File | `/nova/bin/detnet` | High
+22 | File | `/out.php` | Medium
+23 | File | `/php-opos/index.php` | High
+24 | File | `/resources//../` | High
+25 | File | `/reviewer_0/admins/assessments/pretest/questions-view.php` | High
+26 | File | `/squashfs-root/www/HNAP1/control/SetMasterWLanSettings.php` | High
+27 | File | `/sys/dict/queryTableData` | High
+28 | File | `/tmp/boa-temp` | High
+29 | File | `/tourism/rate_review.php` | High
+30 | File | `/uncpath/` | Medium
+31 | File | `/wp-json` | Medium
 32 | ... | ... | ...
 
-There are 274 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 268 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/LazyScripter/README.md

@@ -60,7 +60,7 @@ ID | Type | Indicator | Confidence
 11 | File | `admin/menus/edit.php` | High
 12 | ... | ... | ...
 
-There are 89 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 90 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Lemon Duck/README.md

@@ -48,13 +48,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-28 | Pathname Traversal | High
-2 | T1055 | CWE-74 | Injection | High
-3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
-4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-5 | ... | ... | ... | ...
+1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
+2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
+5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+6 | ... | ... | ... | ...
 
-There are 17 more TTP items available. Please use our online service to access the data.
+There are 19 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -67,36 +68,38 @@ ID | Type | Indicator | Confidence
 3 | File | `/admin/patient.php` | High
 4 | File | `/as/authorization.oauth2` | High
 5 | File | `/blogengine/api/posts` | High
-6 | File | `/cgi-bin/api-get_line_status` | High
-7 | File | `/cgi-bin/luci` | High
-8 | File | `/cgi-bin/luci/api/auth` | High
-9 | File | `/cgi-bin/nobody/VerifyCode.cgi` | High
-10 | File | `/cgi-bin/upload_vpntar` | High
-11 | File | `/cgi-bin/wlogin.cgi` | High
-12 | File | `/cgi/trustclustermaster.cgi` | High
-13 | File | `/Content/Template/root/reverse-shell.aspx` | High
-14 | File | `/debug/pprof` | Medium
-15 | File | `/DXR.axd` | Medium
-16 | File | `/export` | Low
-17 | File | `/filemanager/php/connector.php` | High
-18 | File | `/forum/away.php` | High
-19 | File | `/goform/SetPptpServerCfg` | High
-20 | File | `/h/calendar` | Medium
-21 | File | `/js/app.js` | Medium
-22 | File | `/login/index.php` | High
-23 | File | `/obs/book.php` | High
-24 | File | `/products/view_product.php` | High
-25 | File | `/public/login.htm` | High
-26 | File | `/rukovoditel/index.php?module=users/login` | High
-27 | File | `/secure/QueryComponent!Default.jspa` | High
-28 | File | `/services/view_service.php` | High
-29 | File | `/shell` | Low
-30 | File | `/spip.php` | Medium
-31 | File | `/uncpath/` | Medium
-32 | File | `/usr/bin/tddp` | High
-33 | ... | ... | ...
+6 | File | `/cgi-bin/luci/api/auth` | High
+7 | File | `/cgi-bin/nobody/VerifyCode.cgi` | High
+8 | File | `/cgi-bin/supervisor/PwdGrp.cgi` | High
+9 | File | `/cgi-bin/upload_vpntar` | High
+10 | File | `/cgi-bin/wlogin.cgi` | High
+11 | File | `/Content/Template/root/reverse-shell.aspx` | High
+12 | File | `/debug/pprof` | Medium
+13 | File | `/DXR.axd` | Medium
+14 | File | `/filemanager/php/connector.php` | High
+15 | File | `/forum/away.php` | High
+16 | File | `/login/index.php` | High
+17 | File | `/mhds/clinic/view_details.php` | High
+18 | File | `/modules/projects/vw_files.php` | High
+19 | File | `/obs/book.php` | High
+20 | File | `/products/view_product.php` | High
+21 | File | `/public/login.htm` | High
+22 | File | `/rukovoditel/index.php?module=users/login` | High
+23 | File | `/secure/QueryComponent!Default.jspa` | High
+24 | File | `/shell` | Low
+25 | File | `/spip.php` | Medium
+26 | File | `/uncpath/` | Medium
+27 | File | `/usr/bin/tddp` | High
+28 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
+29 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
+30 | File | `/wp-admin/admin-ajax.php` | High
+31 | File | `/wp-admin/options.php` | High
+32 | File | `/wp-json/wc/v3/webhooks` | High
+33 | File | `adclick.php` | Medium
+34 | File | `admin.php` | Medium
+35 | ... | ... | ...
 
-There are 280 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 295 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References